Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

N/A

密码学签名的验证不恰当

Cisco NX-OS和Cisco IOS XE 数据伪造问题漏洞

Cisco NX-OS Software和IOS XE都是美国思科（Cisco）公司的产品。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。IOS XE是一套为其网络设备开发的操作系统。 Cisco NX-OS和Cisco IOS XE中存在数据伪造问题漏洞，该漏洞源于在安装Open Virtual Appliance (OVA)镜像过程中，程序没有进行正确的签名验证。本地攻击者可利用该漏洞加载恶意未签名的OVA镜像。以下产品及版本受到影响：Cisco Nexus 300

N/A

N/A