CVE-2021-1453: A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow a...

Description

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device.

Metrics

CVSS 3.1

6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.22%

12.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-347

Affected Software

Vendor	Product	Versions
Cisco	Ios Xe	3.15.1xbs
Cisco	Ios Xe	3.15.2xbs
Cisco	Ios Xe	16.6.1
Cisco	Ios Xe	16.6.2
Cisco	Ios Xe	16.6.3
Cisco	Ios Xe	16.6.4
Cisco	Ios Xe	16.6.4a
Cisco	Ios Xe	16.6.4s
Cisco	Ios Xe	16.6.5
Cisco	Ios Xe	16.6.6
Cisco	Ios Xe	16.6.7
Cisco	Ios Xe	16.6.8
Cisco	Ios Xe	16.7.1
Cisco	Ios Xe	16.8.1
Cisco	Ios Xe	16.8.1a
Cisco	Ios Xe	16.8.1s
Cisco	Ios Xe	16.9.1
Cisco	Ios Xe	16.9.1s
Cisco	Ios Xe	16.9.2
Cisco	Ios Xe	16.9.2s
Cisco	Ios Xe	16.9.3
Cisco	Ios Xe	16.9.3s
Cisco	Ios Xe	16.9.4
Cisco	Ios Xe	16.9.5
Cisco	Ios Xe	16.9.6
Cisco	Ios Xe	16.10.1
Cisco	Ios Xe	16.10.1e
Cisco	Ios Xe	16.10.1s
Cisco	Ios Xe	16.11.1
Cisco	Ios Xe	16.11.1b
Cisco	Ios Xe	16.11.1c
Cisco	Ios Xe	16.11.1s
Cisco	Ios Xe	16.11.2
Cisco	Ios Xe	16.12.1
Cisco	Ios Xe	16.12.1c
Cisco	Ios Xe	16.12.1s
Cisco	Ios Xe	16.12.2
Cisco	Ios Xe	16.12.2s
Cisco	Ios Xe	16.12.2t
Cisco	Ios Xe	16.12.3
Cisco	Ios Xe	16.12.3a
Cisco	Ios Xe	16.12.3s
Cisco	Ios Xe	16.12.4
Cisco	Ios Xe	16.12.4a
Cisco	Ios Xe	17.1.1
Cisco	Ios Xe	17.1.1s
Cisco	Ios Xe	17.1.1t
Cisco	Ios Xe	17.1.2
Cisco	Ios Xe	17.2.1
Cisco	Ios Xe	17.2.1a

Showing 50 of 55 affected configurations. See NVD for the full list.

References

Timeline

Published: Mar 24, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-1453?

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device.

How severe is CVE-2021-1453?

CVE-2021-1453 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.

How do I fix CVE-2021-1453?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.