Cisco NX-OS Software Vulnerability: Arbitrary Command Execution as Root

CVE-2024-20399

6.7MEDIUM

Key Information

Vendor
Cisco
Status
Cisco Nx-os Software
Vendor
CVE Published:
1 July 2024

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

The vulnerability CVE-2024-20399 affects Cisco NX-OS Software and allows an authenticated, local attacker to execute arbitrary commands as root on the affected device. This is a command injection vulnerability with a CVSS risk score of 6.0, and it has been exploited by the Chinese hacker group Velvet Ant for network espionage activities. The vulnerability affects a wide range of Cisco Nexus products and requires the attacker to have Administrator credentials. Cisco has released new software to patch the vulnerability and urges IT professionals to apply the update promptly to mitigate the risk. The exploit of this vulnerability allows the attacker to remotely access Nexus devices and execute malicious code, potentially leading to data breaches and further attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-20399 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Cisco NX-OS Software = 6.0(2)A6(1)

Cisco NX-OS Software = 6.0(2)A6(1a)

Cisco NX-OS Software = 6.0(2)A6(2)

News Articles

favicon imageCyberWire

Hackers target recently disclosed LiteSpeed Cache vulnerability.

Halliburton sustains cyberattack. Chinese threat actor exploited Cisco zero-day.

4 months ago

favicon imageSC Media

Zero-day Cisco switch bug being exploited by cyber actors

The flaw, tracked as CVE-2024-20399 with a CVSS score of 6.0, allows attackers with valid admin credentials to bypass the NX-OS command line interface and execute arbitrary commands on the underlying Linux OS.

4 months ago

favicon imageThe Hacker News

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Chinese hackers exploit Cisco switch vulnerability to gain system control and evade detection. Cybersecurity firm uncovers sophisticated espionage cam

4 months ago

References

https://sec.cloudapps.cisco.com/security/center/content/C...
https://www.sygnia.co/threat-reports-and-advisories/china...

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 💰

    Used in Ransomware

  • 🦅

    CISA Reported

  • 📰

    First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database0 Proof of Concept(s)8 News Article(s)
.