CVE-2021-1453 - Improper Verification of Cryptographic Signature

Severity

68%

Complexity

9%

Confidentiality

98%

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device.

CVSS 3.1 Base Score 6.8. CVSS Attack Vector: physical. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Demo Examples

Improper Verification of Cryptographic Signature

CWE-347

In the following code, a JarFile object is created from a downloaded file.


               
JarFile jf = new JarFile(f);

The JAR file that was potentially downloaded from an untrusted source is created without verifying the signature (if present). An alternate constructor that accepts a boolean verify parameter should be used instead.

Overview

Type

Cisco IOS

First reported 4 years ago

2021-03-24 20:15:00

Last updated 4 years ago

2021-03-29 18:47:00

Affected Software

Cisco IOS XE 16.6.4

16.6.4

Cisco IOS XE 16.6.4A

16.6.4a

Cisco IOS XE 16.6.4S

16.6.4s

Cisco IOS XE 16.6.6

16.6.6

Cisco IOS XE 16.6.8

16.6.8

Cisco IOS XE 16.8.1A

16.8.1a

Cisco IOS XE 16.8.1S

16.8.1s

Cisco IOS XE16.9.1

16.9.1

Cisco IOS XE 16.9.1S

16.9.1s

Cisco IOS XE 16.9.2

16.9.2

Cisco IOS XE 16.9.2S

16.9.2s

Cisco IOS XE 16.9.3

16.9.3

Cisco IOS XE 16.9.3S

16.9.3s

Cisco IOS XE 16.9.5

16.9.5

Cisco IOS XE 16.10.1

16.10.1

Cisco IOS XE 16.10.1E

16.10.1e

Cisco IOS XE 16.10.1S

16.10.1s

Cisco IOS XE 16.11.1

16.11.1

Cisco IOS XE 16.12.1

16.12.1

Cisco IOS XE 16.12.2

16.12.2

Cisco IOS XE 16.12.4

16.12.4

Cisco IOS XE 17.1.1

17.1.1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.