CVE-2024-20397
CVSS 3.1 Score 5.2 of 10 (medium)
Details
Published Dec 4, 2024
CWE ID 284
Summary
CVE-2024-20397 is a vulnerability affecting the bootloader of Cisco NX-OS Software. This issue permits unauthenticated attackers with physical access or authenticated, local attackers with administrative credentials to bypass image signature verification. The root cause stems from insecure bootloader settings. Attackers can manipulate the bootloader by executing a series of commands, enabling the loading of unverified software, potentially leading to unauthorized system takeover.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share