Bootloader Vulnerability Impacts Over 100 Cisco Switches

December 5, 2024 at 07:31AM Cisco has released patches for a significant vulnerability in NX-OS bootloader software (CVE-2024-20397) that could let attackers bypass image signature verification. Affecting over 100 models, the flaw requires physical access for exploitation. Cisco advises immediate updates, although no known exploits are reported. Discontinued devices will not receive patches. **Meeting Takeaways: … Read more

Cisco Patches Multiple NX-OS Software Vulnerabilities

August 29, 2024 at 08:06AM Cisco released patches for multiple high and medium-severity vulnerabilities in its NX-OS software, including a high-severity flaw in DHCPv6 relay agent allowing remote unauthenticated attackers to cause a denial-of-service condition. The patches also address command injection and sandbox escape issues, as well as medium-severity bugs in APIC, affecting certain Cisco … Read more