CVE-2026-20104
Bootloader Code Execution Vulnerability in Cisco Catalyst Switches
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xe | * |
| cisco | catalyst_9200_series_switches | * |
| cisco | catalyst_ess9300_embedded_series_switches | * |
| cisco | catalyst_ie9310_rugged_series_switches | * |
| cisco | catalyst_ie9320_rugged_series_switches | * |
| cisco | ie3500_rugged_series_switches | * |
| cisco | ie3505_rugged_series_switches | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-124 | The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the bootloader of Cisco IOS XE Software for several Cisco Catalyst and Cisco IE rugged series switches. It allows an attacker, either authenticated with high-level privileges or unauthenticated but with physical access, to execute arbitrary code during the device's boot process.
The root cause is insufficient validation of software at boot time, which lets an attacker manipulate the loaded binaries to bypass integrity checks. This means the attacker can run code that circumvents the requirement to use Cisco-signed images, effectively breaking the chain of trust.
Cisco rates this vulnerability as High impact because it allows bypassing a major security feature of the device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker to bypass a major security feature by executing arbitrary code at boot time, which compromises the integrity and trust of the device's software. This type of security breach can potentially lead to unauthorized access or manipulation of sensitive data.
Such a compromise could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strong security controls to protect data integrity and confidentiality. However, the provided information does not explicitly state the direct effects on compliance with these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific commands or detection methods provided to identify this vulnerability on your network or system.
Cisco provides a Software Checker tool to help customers identify affected releases and the earliest fixed versions, which can assist in determining if your device is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
No workarounds exist for this vulnerability.
Cisco strongly recommends upgrading to fixed software releases to fully remediate the issue.
How can this vulnerability impact me? :
Exploiting this vulnerability could allow an attacker to execute unauthorized code at boot time, potentially compromising the device's security and integrity.
This could lead to the attacker gaining persistent control over the device, bypassing security controls, and possibly disrupting network operations or intercepting sensitive data.