CVSS: 5.6EPSS: 0%CPEs: 304EXPL: 0CVE-2024-20397 – Cisco NX-OS Software Image Verification Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20397
04 Dec 2024 — A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unver... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 43EXPL: 0CVE-2024-20365 – Cisco Integrated Management Controller Redfish Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-20365
02 Oct 2024 — A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exp... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-redfish-cominj-sbkv5ZZ •