Multiple vulnerabilities in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.
The vulnerabilities exist because software digital signatures are not properly verified during CLI command execution. An attacker could exploit these vulnerabilities to install an unsigned software image on an affected device.
Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
Security Impact Rating: Medium
Source:: Cisco Security Advisories