Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This issue is due to an improper check in the code function that manages the verification of digital signatures of system image files during the initial boot process. Affected versions include all Cisco IOS XE Software releases prior to the fixed releases indicated in the advisory [1].

Exploitation

An attacker can exploit this vulnerability by loading unsigned software on an affected device. To do so, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell. In Cisco IOS XE Software releases 16.11.1 and later, root shell access is protected by the Consent Token mechanism; however, an attacker with level-15 privileges could downgrade the software to a release where root shell access is more readily available [1].

Impact

Successful exploitation allows the attacker to boot a malicious software image or execute unsigned code, bypassing the image verification check during the boot process. This can lead to arbitrary code execution at system boot, potentially compromising the entire device and its network functions [1].

Mitigation

Cisco has released free software updates to address this vulnerability. Customers are advised to upgrade to a fixed Cisco IOS XE Software release as specified in the Cisco Security Advisory. No workarounds are available. The Consent Token mechanism in releases 16.11.1 and later reduces the attack surface, but level-15 users can still downgrade to an earlier release [1].