#VU51778 Improper Verification of Cryptographic Signature in Cisco Systems, Inc products - CVE-2021-1453
Published: March 30, 2021
Vulnerability identifier: #VU51778
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1453
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Catalyst C9500-32C Switch
Catalyst C9500-32QC Switch
Catalyst C9500-24Y4C Switch
Catalyst C9500-48Y4C Switch
Cisco Catalyst 9400 Series Switches
Cisco Catalyst 9600 Series Switches
Cisco IOS XE
Catalyst C9500-32C Switch
Catalyst C9500-32QC Switch
Catalyst C9500-24Y4C Switch
Catalyst C9500-48Y4C Switch
Cisco Catalyst 9400 Series Switches
Cisco Catalyst 9600 Series Switches
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker with physical access can boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device.
Remediation
Install updates from vendor's website.