Preface: This advisory is part of the March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 26 vulnerabilities.
Synopsis: A digital signature (not digital certificate) is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
Vulnerability details: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. In order to manipulate the machine, threat actor must meet below conditions:
- Has a particular product ID (PID)
- Is running an affected BIOS version
- Is running a vulnerable release of Cisco NX-OS Software