CVE-2021-1453

MEDIUM

Cisco IOS XE for Catalyst 9000 - Unauthenticated Secure Boot Bypass via Improper Image Signature Verification

Title source: llm

Description

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-BQ5hrXgH

Scores

CVSS v3 6.8

EPSS 0.0005

EPSS Percentile 16.4%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-347

Status published

Products (50)

cisco/ios_xe 3.15.1xbs

cisco/ios_xe 3.15.2xbs

cisco/ios_xe 16.6.1

cisco/ios_xe 16.6.2

cisco/ios_xe 16.6.3

cisco/ios_xe 16.6.4

cisco/ios_xe 16.6.4a

cisco/ios_xe 16.6.4s

cisco/ios_xe 16.6.5

cisco/ios_xe 16.6.6

... and 40 more

Published Mar 24, 2021

Tracked Since Feb 18, 2026