A critical vulnerability has been identified in the command line interface (CLI) of Cisco NX operating system, allowing attackers to execute arbitrary commands as root on affected devices. This zero-day flaw, known as CVE-2024-20399, poses a significant threat to network security, especially for organizations using Cisco Nexus and MDS series switches. The vulnerability stems from inadequate validation of arguments passed to specific CLI configuration commands, enabling authenticated local attackers with administrator credentials to exploit it by providing crafted input. Successful exploitation grants the attacker root privileges on the operating system, enabling the execution of arbitrary commands.
Impacted products include MDS 9000 Series Multilayer Switches, Nexus 3000, 5500, 5600, 6000, 7000, and 9000 Series Switches in Standalone NX-OS Mode. Certain models within the Nexus 3000 and 9000 series are not affected if running Cisco NX-OS Software Releases 9.3(5) and later, with exceptions such as N3K-C3264C-E and N9K-C92348GC-X requiring upgrades to Releases 10.4.3 and later.
The vulnerability came to light in April 2024, with reports of active exploitation by a Chinese state-sponsored threat actor, Velvet Ant. This actor is deploying custom malware on compromised devices, facilitating remote connection, file upload, and execution of malicious code while evading detection by hiding system log messages. Cisco has released software updates to remedy the vulnerability, advising administrators to apply these updates promptly and regularly change the credentials of administrative users to reduce risks. The Cisco Software Checker Tool is available to determine exposure and find suitable software updates, accessible on the Cisco Software Checker page.
Organizations using affected Cisco products are encouraged to prioritize patching and continuously monitor their networks for signs of compromise. Prompt action and vigilance are crucial to mitigating the impact of this critical vulnerability on network security.
Article Source
https://cybersecuritynews.com/cisco-nx-os-zero-day-flaw/amp/
