Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-32060

Summary
Assigner-ASRG
Assigner Org ID-c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At-15 Feb, 2026 | 10:46
Updated At-15 Feb, 2026 | 10:46
Rejected At-
Credits

Absence of Kernel Module Signature Verification on Linux System of Infotainment ECU

The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system. First identified on Nissan Leaf ZE1 manufactured in 2020.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ASRG
Assigner Org ID:c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At:15 Feb, 2026 | 10:46
Updated At:15 Feb, 2026 | 10:46
Rejected At:
â–¼CVE Numbering Authority (CNA)
Absence of Kernel Module Signature Verification on Linux System of Infotainment ECU

The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system. First identified on Nissan Leaf ZE1 manufactured in 2020.

Affected Products
Vendor
Robert Bosch GmbHBosch
Product
Infotainment system ECU
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • 283C30861E
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347: Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347: Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Mikhail Evdokimov (PCA Cyber Security Assessment Team)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
product
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf
media-coverage
https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch
third-party-advisory
Hyperlink: https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
Resource:
product
Hyperlink: http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf
Resource:
media-coverage
Hyperlink: https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch
Resource:
third-party-advisory
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@asrg.io
Published At:15 Feb, 2026 | 11:15
Updated At:15 Feb, 2026 | 11:15

The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system. First identified on Nissan Leaf ZE1 manufactured in 2020.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-347Secondarycve@asrg.io
CWE ID: CWE-347
Type: Secondary
Source: cve@asrg.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdfcve@asrg.io
N/A
https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-boschcve@asrg.io
N/A
https://www.nissan.co.uk/vehicles/new-vehicles/leaf.htmlcve@asrg.io
N/A
Hyperlink: http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf
Source: cve@asrg.io
Resource: N/A
Hyperlink: https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch
Source: cve@asrg.io
Resource: N/A
Hyperlink: https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
Source: cve@asrg.io
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

19Records found
CVE-2021-1376
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.16%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:15
Updated-08 Nov, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-1375
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.16%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:15
Updated-08 Nov, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-1136
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.59%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-82018808ncs_540881288188202ios_xrCisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-1244
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.59%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-82018808ncs_540881288188202ios_xrCisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-27247
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.52%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:15
Updated-31 Jul, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for macOS - Improper Privilege Management

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for macOSworkplace_desktop
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-3138
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.91%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 19:15
Updated-15 Nov, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureNA
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-20568
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.01%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:51
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Intel CorporationAdvanced Micro Devices, Inc.
Product-radeon_rx_7700sryzen_5_pro_3200geradeon_pro_w6900xryzen_3_5300uradeon_rx_5700mradeon_rx_vega_m_firmwareradeon_pro_w6500mradeon_rx_7900_greradeon_rx_vega_56core_i5-8305gradeon_pro_vega_56_firmwareryzen_5_4600hsradeon_rx_5600ryzen_7_4980uradeon_rx_5300mradeon_rx_7900mryzen_3_3015ceradeon_rx_7900_xtradeon_rx_5500_xtradeon_rx_6600sradeon_rx_6650mnuc_8_enthusiast_nuc8i7hvkvawradeon_rx_6650_xtradeon_pro_w6800xradeon_rx_6700_xtryzen_5_pro_3400gradeon_rx_7600m_xtryzen_5_pro_3350geryzen_5_5600gryzen_5_pro_3400geradeon_pro_w6600radeon_pro_vega_64radeon_rx_6700mryzen_5_4680uryzen_5_5500unuc_8_enthusiast_nuc8i7hvkvaradeon_pro_w7600radeon_rx_6650m_xtradeon_rx_6700radeon_rx_7700_xtradeon_rx_7600sradeon_rx_6550mradeon_rx_5600_xtradeon_rx_6850m_xtradeon_rx_6550sradeon_pro_w5700radeon_rx_6800ryzen_7_4800hryzen_3_3015eradeon_softwareradeon_rx_6600mradeon_rx_5500mradeon_rx_7900_xtxryzen_7_5700gnuc_8_enthusiast_nuc8i7hnkqcradeon_rx_6900_xtradeon_rx_5600mradeon_rx_6950_xtryzen_3_4300geryzen_5_pro_3200gradeon_rx_vega_64_firmwareryzen_7_4700gryzen_3_4300gryzen_9_4900hsradeon_rx_5700_xtradeon_rx_6500mcore_i7-8706gradeon_rx_6800_xtradeon_pro_w6400radeon_rx_6500_xtradeon_rx_5700radeon_rx_6450mradeon_rx_7800_xtryzen_5_4500uradeon_rx_5300radeon_pro_w5500xradeon_pro_w6300mryzen_5_4600uradeon_pro_w6800x_duoradeon_pro_vega_64_firmwareradeon_rx_5500ryzen_7_4700geryzen_9_4900hradeon_rx_6400radeon_rx_6600_xtradeon_pro_vega_56ryzen_7_5700uradeon_rx_6800mradeon_rx_6300mryzen_5_4600geradeon_rx_7600radeon_pro_w6300radeon_pro_w6600xryzen_5_5500hradeon_pro_w7500radeon_rx_vega_56_firmwareradeon_rx_7600mcore_i7-8709gryzen_7_4700uradeon_pro_w6600mryzen_5_5600gecore_i7-8705gryzen_3_4300uradeon_pro_w5500ryzen_3_5300geryzen_5_4500ryzen_3_4100ryzen_7_4800hsradeon_pro_w5700xradeon_pro_w6800ryzen_7_5700geradeon_rx_6600radeon_rx_vega_64ryzen_3_5300gryzen_5_4600gnuc_kit_nuc8i7hnknuc_kit_nuc8i7hvkryzen_5_pro_3350gryzen_5_4600hradeon_pro_w7800radeon_rx_6700sradeon_rx_5300_xtradeon_rx_6800sRadeonâ„¢ RX Vega Series Graphics CardsRadeonâ„¢ PRO WX Vega Series Graphics CardsRadeonâ„¢ RX 5000/6000/7000 Series Graphics CardsRadeonâ„¢ PRO W5000/W6000/W7000 Series Graphics Cards
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-11488
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.49%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1dgx-2NVIDIA DGX Servers
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-20567
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.01%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:51
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Intel CorporationAdvanced Micro Devices, Inc.
Product-radeon_rx_7700sryzen_5_pro_3200geradeon_pro_w6900xryzen_3_5300uradeon_rx_5700mradeon_rx_vega_m_firmwareradeon_pro_w6500mradeon_rx_7900_greradeon_rx_vega_56core_i5-8305gradeon_pro_vega_56_firmwareryzen_5_4600hsradeon_rx_5600ryzen_7_4980uradeon_rx_5300mradeon_rx_7900mryzen_3_3015ceradeon_rx_7900_xtradeon_rx_5500_xtradeon_rx_6600sradeon_rx_6650mnuc_8_enthusiast_nuc8i7hvkvawradeon_rx_6650_xtradeon_pro_w6800xradeon_rx_6700_xtryzen_5_pro_3400gradeon_rx_7600m_xtryzen_5_pro_3350geryzen_5_5600gryzen_5_pro_3400geradeon_pro_w6600radeon_pro_vega_64radeon_rx_6700mryzen_5_4680uryzen_5_5500unuc_8_enthusiast_nuc8i7hvkvaradeon_pro_w7600radeon_rx_6650m_xtradeon_rx_6700radeon_rx_7700_xtradeon_rx_7600sradeon_rx_6550mradeon_rx_5600_xtradeon_rx_6850m_xtradeon_rx_6550sradeon_pro_w5700radeon_rx_6800ryzen_7_4800hryzen_3_3015eradeon_softwareradeon_rx_6600mradeon_rx_5500mradeon_rx_7900_xtxryzen_7_5700gnuc_8_enthusiast_nuc8i7hnkqcradeon_rx_6900_xtradeon_rx_5600mradeon_rx_6950_xtryzen_3_4300geryzen_5_pro_3200gradeon_rx_vega_64_firmwareryzen_7_4700gryzen_3_4300gryzen_9_4900hsradeon_rx_5700_xtradeon_rx_6500mcore_i7-8706gradeon_rx_6800_xtradeon_pro_w6400radeon_rx_6500_xtradeon_rx_5700radeon_rx_6450mradeon_rx_7800_xtryzen_5_4500uradeon_rx_5300radeon_pro_w5500xradeon_pro_w6300mryzen_5_4600uradeon_pro_w6800x_duoradeon_pro_vega_64_firmwareradeon_rx_5500ryzen_7_4700geryzen_9_4900hradeon_rx_6400radeon_rx_6600_xtradeon_pro_vega_56ryzen_7_5700uradeon_rx_6800mradeon_rx_6300mryzen_5_4600geradeon_rx_7600radeon_pro_w6300radeon_pro_w6600xryzen_5_5500hradeon_pro_w7500radeon_rx_vega_56_firmwareradeon_rx_7600mcore_i7-8709gryzen_7_4700uradeon_pro_w6600mryzen_5_5600gecore_i7-8705gryzen_3_4300uradeon_pro_w5500ryzen_3_5300geryzen_5_4500ryzen_3_4100ryzen_7_4800hsradeon_pro_w5700xradeon_pro_w6800ryzen_7_5700geradeon_rx_6600radeon_rx_vega_64ryzen_3_5300gryzen_5_4600gnuc_kit_nuc8i7hnknuc_kit_nuc8i7hvkryzen_5_pro_3350gryzen_5_4600hradeon_pro_w7800radeon_rx_6700sradeon_rx_5300_xtradeon_rx_6800sRadeonâ„¢ RX Vega Series Graphics CardsRadeonâ„¢ PRO WX Vega Series Graphics CardsRadeonâ„¢ RX 5000/6000/7000 Series Graphics CardsRadeonâ„¢ PRO W5000/W6000/W7000 Series Graphics Cards
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-20236
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.63%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 16:39
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8201ncs_4216ncs_5001ncs_5002asr_9010ncs_400982028208ncs_1001asr_9902ncs_551682188212ncs_4206asr_9006ncs_4016ncs_540ncs_57b1-5dse-sysncs_57c3-mods-sysios_xrncs_55008831ncs_4201ncs_5508asr_9903ncs_5501ncs_57c1-48q6-sysasr_9000ncs_560880488128818ncs_5011asr_9001ncs_5504asr_9000vasr_9910asr_99068808asr_9904asr_9920asr_9912asr_9922ncs_57c3-mod-sysncs_1004ncs_560-4ncs_560-7ncs_1002ncs_4202ncs_5502asr_9901ncs_57b1-6d24-sysCisco IOS XR Softwareios_xr_software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2019-1811
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.13%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1809
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 5.57%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_6332-16upn7k-m206fq-23lnexus_7000_supervisor_1nx-os7000_10-slotn77-f348xp-23ucs_6248upnexus_7000_supervisor_2nexus_7700_supervisor_3e7000_18-slotn77-m324fq-25ln7k-m202cf-22ln7k-f248xp-25eucs_6324n77-f324fq-25n7k-f312fq-257000_9-slotnexus_7700_supervisor_2e7700_2-slotucs_6332n77-m312cq-26ln7k-m324fq-25lmds_9718ucs_6296upn7k-f306ck-25nexus_7000_supervisor_2e7700_10-slotn77-m348xp-23ln77-f430cq-367700_18-slotn77-f312ck-26mds_9710n7k-m348xp-25l7000_4-slotmds_9706n7k-m224xp-23l7700_6-slotCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1813
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1812
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1810
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.93%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-n9k-c9232cn3k-c3164qn9k-c92304qcnx-osn3k-c3232cCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-12662
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.10%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_34200yc-smnexus_56128pnexus_3172tqnx-osnexus_3548-x_firmwarenexus_93128txnexus_9336pq_aci_spinenexus_3172tq_firmwarenexus_3172pq-xl_firmwarenexus_3064-t_firmwarenexus_3524-x_firmwarenexus_9332cnexus_3132q-vnexus_7000_9-slotnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_7000_10-slot_firmwarenexus_9272qnexus_56128p_firmwarenexus_93180yc-fxnexus_3548_firmwarenexus_3432d-snexus_3264q_firmwarenexus_3524nexus_7000_4-slotnexus_7700_6-slotnexus_5548p_firmwarenexus_3016nexus_92304qcnexus_5596t_firmwarenexus_7000_9-slot_firmwarenexus_3048nexus_9372tx-enexus_93360yc-fx2nexus_3524-xlnexus_5548up_firmwarenexus_9396txnexus_3432d-s_firmwarenexus_7000_10-slotnexus_3064nexus_7700_18-slot_firmwarenexus_3132q-v_firmwarenexus_5548upnexus_9396pxnexus_5672up_firmwarenexus_5596tnexus_7700_2-slotnexus_9372txnexus_5624qnexus_3264c-e_firmwarenexus_3064-tnexus_3132q-xl_firmwarenexus_3408-snexus_9372px-enexus_7000_18-slotnexus_5596up_firmwarenexus_6004_firmwarenexus_9332pqnexus_93108tc-exnexus_9508nexus_93120txnexus_31108tc-v_firmwarenexus_6004nexus_7700_6-slot_firmwarenexus_3132q_firmwarenexus_3548-xlnexus_31128pqnexus_9364cnexus_3164qnexus_3408-s_firmwarenexus_3132c-znexus_5548pnexus_5648qmds_9000nexus_34180yc_firmwarenexus_3464cnexus_93216tc-fx2nexus_3048_firmwarenexus_31128pq_firmwarenexus_3164q_firmwarenexus_5672upnexus_3524-xl_firmwarenexus_3264qnexus_7700_2-slot_firmwarenexus_34180ycnexus_3232c_firmwarenexus_9000vnexus_31108pc-vnexus_5624q_firmwarenexus_7700_18-slotnexus_5596upnexus_5696q_firmwarenexus_34200yc-sm_firmwarenexus_3464c_firmwarenexus_3064_firmwarenexus_3172tq-32t_firmwarenexus_3548nexus_3132qnexus_5648q_firmwarenexus_9372pxnexus_3524_firmwarenexus_5696qnexus_92160yc-xnexus_31108pc-v_firmwarenexus_7700_10-slotnexus_9504nexus_6001nexus_3172_firmwarenexus_93108tc-fxnexus_7000_4-slot_firmwarenexus_92300ycnexus_3172tq-xl_firmwarenexus_3232cnexus_3548-xl_firmwarenexus_6001_firmwarenexus_3264c-enexus_93240yc-fx2nexus_7700_10-slot_firmwareios_xenexus_3548-xnexus_3132q-xlnexus_3172tq-xlnexus_93180yc-exnexus_3132c-z_firmwarenexus_9236cnexus_9516nexus_3016_firmwarenexus_3172pq-xlnexus_7000_18-slot_firmwareCisco NX-OS Software 6.0(2)A1(1)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-12649
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:05
Updated-20 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3850-24xs-ecatalyst_3850-32xs-ecatalyst_3850-12s-scatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_3850-24u-lcatalyst_3850-24p-scatalyst_9300l-24t-4g-acatalyst_3850-16xs-scatalyst_3850-48f-scatalyst_3850-24u-scatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_c3850-12x48u-lcatalyst_9300l-24t-4x-ecatalyst_9300-48un-ecatalyst_9300-48p-acatalyst_9300-24s-acatalyst_9300l-24p-4g-ecatalyst_3850-48f-ecatalyst_9300l-48t-4x-acatalyst_3850-48u-lcatalyst_9300l-24p-4g-acatalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_9300-24t-ecatalyst_9300l-24t-4g-ecatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_9300-48s-ecatalyst_9300-24u-acatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_9300lcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_9300-24u-ecatalyst_3850-24xu-ecatalyst_3850-48p-scatalyst_9300l-48p-4g-acatalyst_9300-48un-acatalyst_3850-48u-scatalyst_9300l-48t-4g-acatalyst_3850-16xs-eioscatalyst_9300-24p-ecatalyst_3850-48xs-f-ecatalyst_9300-48uxm-ecatalyst_9300-48t-acatalyst_3850-48p-ecatalyst_9300l-48t-4x-ecatalyst_3850-12s-ecatalyst_9300l-48p-4x-ecatalyst_3850-24p-lcatalyst_3850-48t-lcatalyst_3850-24t-ecatalyst_c3850-12x48u-ecatalyst_3850-24xs-scatalyst_9300l-48p-4x-acatalyst_9300-24s-ecatalyst_9300-48u-ecatalyst_9300-48u-acatalyst_9300-48s-acatalyst_3850-12xs-ecatalyst_3850-24u-ecatalyst_3850-48xs-sios_xecatalyst_3850-48p-lcatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_3850-48t-ecatalyst_3850-24xu-scatalyst_9300-24ux-ecatalyst_c3850-12x48u-sCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-34708
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.02% / 5.80%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 05:00
Updated-07 Nov, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-82018101-32h8201-32fhn540-24z8q2c-m8800_4-slotn540-28z4c-sys-an540x-16z4g8q2c-dn540-acc-sysn540-28z4c-sys-d8800_18-slotn540x-acc-sys8202n540-12z20g-sys-dn540x-12z16g-sys-dn540x-12z16g-sys-a8101-32fh8102-64h8800_8-slotn540-12z20g-sys-an540-24z8q2c-sys8800_12-slotios_xrn540x-16z4g8q2c-aCisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-20143
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.50%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 16:12
Updated-22 Jul, 2025 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Secure Boot Bypass Vulnerability

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
Details not found