VDB
CVE-2024-20397
CVE-2024-20397
PUBLISHED
Es besteht eine Schwachstelle in Cisco NX-OS, Cisco Nexus, Cisco Unified Computing System (UCS) und Cisco MDS 9000. Dieser Fehler existiert im Bootloader der Cisco NX-OS Software wegen unsicherer Bootloader-Einstellungen. Durch die Ausführung einer Reihe von Bootloader-Befehlen kann ein Angreifer mit physischem Zugriff diese Schwachstelle ausnutzen, um die Überprüfung der NX-OS-Image-Signatur zu umgehen.
EPSS 0.03% · 8.0th percentile
Risk Scores
EPSS Score
0.03%
8.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco MDS 9000 Series Multilayer Switches | |
| Cisco | Cisco Nexus 9000 Series Fabric Switches | |
| Cisco | Cisco Unified Computing System (UCS) 6400 Series Fabric Interconnects | |
| Cisco | Cisco NX-OS | |
| Cisco | Cisco Nexus 7000 Series Switches | |
| Cisco | Cisco Unified Computing System (UCS) 6500 Series Fabric Interconnects | |
| Cisco | Cisco Nexus 3000 Series Switches |
Exploit Intelligence
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- CIRCL seen: CVE-2024-20397 (circl-sighting)
- cisco-sa-nxos-image-sig-bypas-pQDRQvjL (circl)
Timeline
- Dec 4, 2024 PoC Published
- Dec 4, 2024 CVE Published
- Dec 4, 2024 PoC Published
- Dec 4, 2024 PoC Published
- Dec 5, 2024 EPSS Score
- Dec 5, 2024 PoC Published
- Dec 6, 2024 PoC Published
- Dec 6, 2024 PoC Published
- Dec 6, 2024 PoC Published
- Dec 22, 2024 EPSS Score
- Jan 8, 2025 EPSS Score
- Jan 25, 2025 EPSS Score