Cisco NX-OS Software Vulnerability: Arbitrary Command Execution as Root

CVE-2024-20399
6.7MEDIUM

Key Information

Vendor
Cisco
Status
Cisco Nx-os Software
Vendor
CVE Published:
1 July 2024

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The vulnerability CVE-2024-20399 affects Cisco NX-OS Software and allows an authenticated, local attacker to execute arbitrary commands as root on the affected device. This is a command injection vulnerability with a CVSS risk score of 6.0, and it has been exploited by the Chinese hacker group Velvet Ant for network espionage activities. The vulnerability affects a wide range of Cisco Nexus products and requires the attacker to have Administrator credentials. Cisco has released new software to patch the vulnerability and urges IT professionals to apply the update promptly to mitigate the risk. The exploit of this vulnerability allows the attacker to remotely access Nexus devices and execute malicious code, potentially leading to data breaches and further attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-20399 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Cisco NX-OS Software = 6.0(2)A6(1)

Cisco NX-OS Software = 6.0(2)A6(1a)

Cisco NX-OS Software = 6.0(2)A6(2)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-20399-Cisco-RCE
Created by Blootus

News Articles

favicon imageCyberWire

Hackers target recently disclosed LiteSpeed Cache vulnerability.

Halliburton sustains cyberattack. Chinese threat actor exploited Cisco zero-day.

4 weeks ago

favicon imageSC Media

Zero-day Cisco switch bug being exploited by cyber actors

The flaw, tracked as CVE-2024-20399 with a CVSS score of 6.0, allows attackers with valid admin credentials to bypass the NX-OS command line interface and execute arbitrary commands on the underlying Linux OS.

1 month ago

favicon imageThe Hacker News

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Chinese hackers exploit Cisco switch vulnerability to gain system control and evade detection. Cybersecurity firm uncovers sophisticated espionage cam

1 month ago

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Risk change from: 6.7 to: 6 - (MEDIUM)

  • First article discovered by SecurityWeek

  • Vulnerability published.

  • Vulnerability Reserved.

  • 👾

    Exploit exists.

Collectors

NVD DatabaseMitre DatabaseCISA Database1 Proof of Concept(s)8 News Article(s)
.