Cisco NX-OS Software Image Signature Verification Vulnerability – Last Updated 15th Apr 2019

Preface: This advisory is part of the March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 26 vulnerabilities.

Synopsis: A digital signature (not digital certificate) is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.

Vulnerability details: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. In order to manipulate the machine, threat actor must meet below conditions:

  • Has a particular product ID (PID)
  • Is running an affected BIOS version
  • Is running a vulnerable release of Cisco NX-OS Software

Official announcement : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif