CVE-2024-20397

CVSS 3.1 Score 5.2 of 10 (medium)

Details

Published Dec 4, 2024
CWE ID 284

Summary

CVE-2024-20397 is a vulnerability affecting the bootloader of Cisco NX-OS Software. This issue permits unauthenticated attackers with physical access or authenticated, local attackers with administrative credentials to bypass image signature verification. The root cause stems from insecure bootloader settings. Attackers can manipulate the bootloader by executing a series of commands, enabling the loading of unverified software, potentially leading to unauthorized system takeover.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share