First published: Wed May 15 2019(Updated: )
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco NX-OS Software | =8.1<8.1(1a)=7.3<8.1(1a) | 8.1(1a) 8.1(1a) |
Cisco NX-OS Software | ||
Cisco NX-OS Software | =3.2<3.2(3k)=3.1<3.2(3k) | 3.2(3k) 3.2(3k) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the Cisco NX-OS Software Patch Signature Verification Bypass vulnerability is cisco-sa-20190515-nxos-psvb.
The severity of the Cisco NX-OS Software Patch Signature Verification Bypass vulnerability is medium with a CVSS score of 6.4.
The Cisco NX-OS Software Patch Signature Verification Bypass vulnerability allows an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device.
The following versions of Cisco NX-OS Software are affected by the Patch Signature Verification Bypass vulnerability: 8.1(1a), 7.3, and 3.2(3k).
No, there is currently no available remedy for the Cisco NX-OS Software Patch Signature Verification Bypass vulnerability.