CVE-2021-1453

MEDIUM Year: 2021
CVSS v3 Score
6.8
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-347
View all →

Vulnerability Description

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device.

Related Vulnerabilities

CVE-2017-11400

MEDIUM
CVSS:6.8(Medium)

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file sy...

CWE-3472017

CVE-2020-3209

MEDIUM
CVSS:6.8(Medium)

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on...

CWE-3472020

CVE-2021-30066

MEDIUM
CVSS:6.8(Medium)

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware s...

CWE-3472021

CVE-2021-35097

MEDIUM
CVSS:6.8(Medium)

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdrago...

CWE-3472021

CVE-2021-35113

MEDIUM
CVSS:6.8(Medium)

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdrago...

CWE-3472021

CVE-2022-1739

MEDIUM
CVSS:6.8(Medium)

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a devi...

CWE-3472022