The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> a Cisco NX-OS Command Injection Vulnerability, tracked as CVE-2024-20399<\/a>, to its Known Exploited Vulnerabilities (KEV) catalog<\/a>.<\/p>\n\n\n\n
This week, Cisco addressed<\/a> an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group\u00a0Velvet Ant<\/a>\u00a0exploited to deploy previously unknown malware as root on vulnerable switches.<\/p>\n\n\n\n
\u201cThis vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command.\u201d reads the advisory<\/a> published by Cisco. \u201cA successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root<\/em>.\u201d<\/p>\n\n\n\n
\u201cSygnia identified that CVE-2024-20399 was exploited in the wild by a China-nexus threat group as a \u2018zero-day\u2019 and shared the details of the vulnerability with Cisco. By exploiting this vulnerability, a threat group \u2013 dubbed \u2018Velvet Ant\u2019 \u2013 successfully executed commands on the underlying operating system of Cisco Nexus devices.\u201d reads the report<\/strong><\/a> published by Sygnia. \u201cThis exploitation led to the execution of a previously unknown custom malware that allowed the threat group to remotely connect to compromised Cisco Nexus devices, upload additional files, and execute code on the devices.\u201c<\/em><\/p>\n\n\n\n
The vulnerability impacts the following devices:<\/p>\n\n\n\n
Cisco recommends customers monitor the use of credentials for the administrative users network-admin<\/strong> and vdc-admin<\/strong>.<\/p>\n\n\n\n
Cisco provides the\u00a0Cisco Software Checker<\/a>\u00a0to help customers determine if their devices are vulnerable to this flaw.<\/p>\n\n\n\n
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/p>\n\n\n\n
Experts recommend also private organizations review the Catalog<\/a> and address the vulnerabilities in their infrastructure.
Pierluigi\u00a0Paganini<\/strong><\/a>
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, Known Exploited Vulnerabilities catalog)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"