Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute arbitrary code at boot time and break the chain of trust. This vulnerability is due to insufficient validation of software at boot time. An attacker could exploit this vulnerability by manipulating the loaded binaries on an affected device to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to execute code that bypasses the requirement to run Cisco-signed images. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates because this vulnerability allows an attacker to bypass a major security feature of a device.
AnalysisAI
This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.
Technical ContextAI
This vulnerability exists in the bootloader validation logic of Cisco IOS XE Software, classified under CWE-124 (Buffer Underflow), which relates to insufficient validation of software integrity at boot time. The affected products (identified via CPE cpe:2.3:a:cisco:cisco_ios_xe_software) span multiple hardware platforms including modular switches (Catalyst 9200 series), embedded switches (ESS9300), and rugged industrial switches (IE9310, IE9320, IE3500, IE3505). The bootloader performs integrity checks using cryptographic signatures to enforce that only Cisco-signed binaries execute. The vulnerability stems from incomplete validation logic that allows manipulation of binaries in storage to bypass signature verification, fundamentally undermining the secure boot chain of trust that prevents unauthorized code execution at the lowest privilege level of the device.
RemediationAI
Immediately consult the Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-secureboot-bypass-B6uYxYSZ) for patched IOS XE versions specific to your hardware platform and current software train. Upgrade to a confirmed patched release for your Catalyst or IE series switch as recommended by Cisco. Until patching is feasible, implement compensating controls: restrict physical access to affected switches to authorized personnel only, enforce strong authentication and authorization for administrative access (enforce level-15 privilege requirements), disable unnecessary local access ports, monitor for unauthorized binary modifications through file integrity checking tools, and consider network segmentation to limit exposure of compromised switches to critical systems. For supply-chain security, verify that replacement or pre-staged devices are running patched firmware versions before deployment.
Same weakness CWE-124 – Buffer Underwrite ('Buffer Underflow')
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15435
GHSA-38h5-57rq-7mj8