Cisco patched a NX-OS zero-day, identified as CVE-2024-20399 (CVSS score of 6.0), which the China-linked group Velvet Ant used to deploy previously unidentified malware as root on vulnerable switches.
The bug exists in the CLI of Cisco NX-OS Software; an authenticated, local attacker can exploit it to execute arbitrary commands as root on the underlying operating system of the affected device.
“This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command.” reads the advisory issued by Cisco. “A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.”
The IT giant emphasised that only hackers with Administrator privileges can successfully exploit this vulnerability on a Cisco NX-OS system. In April 2024, researchers informed the Cisco Product Security Incident Response Team (PSIRT) that the vulnerability was actively exploited in the wild. Sygnia, a cybersecurity firm
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: