Cisco NX-OS Software Vulnerability: Arbitrary Command Execution as Root
Key Information
- Vendor
- Cisco
- Status
- Cisco Nx-os Software
- Vendor
- CVE Published:
- 1 July 2024
Badges
Summary
The vulnerability CVE-2024-20399 affects Cisco NX-OS Software and allows an authenticated, local attacker to execute arbitrary commands as root on the affected device. This is a command injection vulnerability with a CVSS risk score of 6.0, and it has been exploited by the Chinese hacker group Velvet Ant for network espionage activities. The vulnerability affects a wide range of Cisco Nexus products and requires the attacker to have Administrator credentials. Cisco has released new software to patch the vulnerability and urges IT professionals to apply the update promptly to mitigate the risk. The exploit of this vulnerability allows the attacker to remotely access Nexus devices and execute malicious code, potentially leading to data breaches and further attacks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-20399 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Cisco NX-OS Software = 6.0(2)A6(1)
Cisco NX-OS Software = 6.0(2)A6(1a)
Cisco NX-OS Software = 6.0(2)A6(2)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Hackers target recently disclosed LiteSpeed Cache vulnerability.
Halliburton sustains cyberattack. Chinese threat actor exploited Cisco zero-day.
4 weeks ago
Zero-day Cisco switch bug being exploited by cyber actors
The flaw, tracked as CVE-2024-20399 with a CVSS score of 6.0, allows attackers with valid admin credentials to bypass the NX-OS command line interface and execute arbitrary commands on the underlying Linux OS.
1 month ago
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Chinese hackers exploit Cisco switch vulnerability to gain system control and evade detection. Cybersecurity firm uncovers sophisticated espionage cam
1 month ago
CVSS V3.1
Timeline
Risk change from: 6.7 to: 6 - (MEDIUM)
First article discovered by SecurityWeek
Vulnerability published.
Vulnerability Reserved.
- 👾
Exploit exists.