Cisco Catalyst Switches Secure Boot Bypass Vulnerability

A vulnerability exists in Cisco IOS Software running on Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches. It allows an authenticated local attacker with privilege level 15, or an unauthenticated attacker with physical access to the device, to execute persistent code at boot time, thereby breaking the chain of trust. This issue arises from the absence of signature verification for certain files that may be loaded during the boot process. An attacker could exploit this by placing a crafted file in a specific location on the device. Successful exploitation would enable the execution of arbitrary code at boot time, bypassing a critical security feature of the device.

Impact

Exploitation of this vulnerability allows for arbitrary code execution at boot time, disrupting the device's secure boot process and chain of trust.

Remediation

Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For those without service contracts, contact the Cisco Technical Assistance Center (TAC) for assistance. The Cisco Software Checker tool can be used to determine exposure to this vulnerability and identify the first fixed release.