Cisco IOS XE
cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*
A vulnerability exists in the bootloader of Cisco IOS XE Software on various switch series, including Catalyst 9200, ESS9300 Embedded, IE9310, IE9320 Rugged, IE3500, and IE3505 Rugged Series Switches. This vulnerability could allow an authenticated local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute arbitrary code at boot time, disrupting the chain of trust. The issue arises from inadequate validation of software during the boot process, enabling attackers to manipulate loaded binaries and bypass integrity checks. Exploitation could lead to the execution of code that ignores the requirement for Cisco-signed images.
Exploitation of this vulnerability could allow an attacker to execute arbitrary code at boot time, bypassing the secure boot process and the requirement for Cisco-signed images, thereby compromising the device's integrity and trustworthiness.
Cisco has released software updates to address this vulnerability. Instructions for upgrading to the fixed software can be found on the Cisco Support and Downloads page. Customers without a Cisco service contract should contact the Cisco Technical Assistance Center (TAC) for assistance.