iTnews Asia
  • Home
  • News
  • Security

Cisco Catalyst 9300 supply chain vulnerability patched

Cisco Catalyst 9300 supply chain vulnerability patched

Attacker with physical access could install "persistent code".

By Richard Chirgwin on Mar 23, 2023 12:09PM

Cisco has revealed a high-rated vulnerability in its Catalyst 9300 switch software that could allow persistent code to be installed by an attacker at boot time.

The bug, detailed here, requires “level-15 privileges”, or “an unauthenticated attacker with physical access” to be exploited.

That means a bad actor in the supply chain – for example, compromised reseller staff – could “execute persistent code at boot time and break the chain of trust”.

“This vulnerability is due to errors that occur when retrieving the public release key that is used for image signature verification," the advisory stated.

The switches are vulnerable if they’re running IOS XE software using an IOS XE ROM Monitor earlier than Release 17.3.7r, Release 17.6.5r, or Release 17.8.1r.

The bug was one of nine high-rated and nine medium-rated vulnerabilities disclosed today, including six related to the company’s IOS and IOS XE software.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
catalyst 9300 cisco security vulnerability

Related Articles

  • How can the Agentic AI workspace remain secure for APAC organisations?
  • AI-fuelled attacks forcing enterprises to rethink security architecture
  • Malicious AI agents can severely disrupt APAC enterprises
  • A data-first AI strategy is critical to managing security threats in 2026
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Identity is now the new cybersecurity battlefield

Identity is now the new cybersecurity battlefield

How can the Agentic AI workspace remain secure for APAC organisations?

How can the Agentic AI workspace remain secure for APAC organisations?

A data-first AI strategy is critical to managing security threats in 2026

A data-first AI strategy is critical to managing security threats in 2026

AI-fuelled attacks forcing enterprises to rethink security architecture

AI-fuelled attacks forcing enterprises to rethink security architecture

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.