cisco-sa-20190515-nxos-sisv2: Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

First published: Wed May 15 2019(Updated: )

Multiple vulnerabilities in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerabilities exist because software digital signatures are not properly verified during CLI command execution. An attacker could exploit these vulnerabilities to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2

Credit: These vulnerabilities were found during internal security testing.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• collector/cisco-advisory
• source/Cisco
• agent/software-canonical-lookup
• agent/severity
• agent/weakness
• agent/title
• agent/references
• agent/author
• agent/tags
• agent/type
• agent/description
• agent/event
• vendor/cisco
• canonical/cisco nx-os software