The US Cybersecurity and Infrastructure Security Agency (CISA) has added the Cisco NX-OS command injection bug, tracked as CVE-2024-20399, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, rated CVSS 6.0, allows an authenticated, local attacker who already holds administrator credentials to execute arbitrary commands as root on the underlying operating system of a vulnerable switch. The modest score reflects that prerequisite: this is an escalation from the NX-OS CLI to the host OS, not a remote entry point, and it becomes dangerous once administrator credentials have been obtained by other means. Exploitation was first observed by cybersecurity firm Sygnia in April 2024, when a threat group tracked as ‘Velvet Ant’ used the flaw to deploy malware on Cisco Nexus devices.
The affected devices are the MDS 9000 Series Multilayer Switches, Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, and Nexus 9000 Series Switches running in standalone NX-OS mode. Because the bug requires administrator credentials, Cisco recommends monitoring the use of those credentials, specifically the network-admin and vdc-admin administrative accounts, and provides the Cisco Software Checker to determine whether a given NX-OS release is affected and which fixed release to move to.
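The credential-monitoring advice above is easier to act on with a concrete check. The following is an added example, not code from the original article, Cisco, or CISA: it parses lines in the style of NX-OS `show accounting log` output (the exact field layout is an assumption based on that command's format), reports every login by a privileged account, and flags two things a defender would want to see: administrator logins from sources outside a trusted set, and privileged commands that drop to the underlying Linux shell (`feature bash-shell` and `run bash` are real NX-OS commands; the choice to watch for them, the account names and the trusted sources are example values). The sample log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of NX-OS `show accounting log` output.
# Assumed layout: "<timestamp>:type=<start|update|stop>:id=<source>@<tty>:user=<name>:cmd=<command>".
SAMPLE_LOG = """\
Mon Jul  1 08:02:11 2024:type=start:id=10.10.5.21@pts/0:user=netops:cmd=
Mon Jul  1 08:02:40 2024:type=update:id=10.10.5.21@pts/0:user=netops:cmd=show interface brief (SUCCESS)
Mon Jul  1 08:03:02 2024:type=stop:id=10.10.5.21@pts/0:user=netops:cmd=shell terminated
Mon Jul  1 23:41:17 2024:type=start:id=198.51.100.77@pts/1:user=admin:cmd=
Mon Jul  1 23:41:39 2024:type=update:id=198.51.100.77@pts/1:user=admin:cmd=configure terminal ; feature bash-shell (SUCCESS)
Mon Jul  1 23:42:05 2024:type=update:id=198.51.100.77@pts/1:user=admin:cmd=run bash (SUCCESS)
Tue Jul  2 09:15:00 2024:type=start:id=console0:user=admin:cmd=
"""

# Example policy values (assumptions for this example, not Cisco guidance).
ADMIN_USERS = {"admin"}                          # accounts holding network-admin / vdc-admin roles
TRUSTED_SOURCES = {"10.10.5.21", "console0"}     # jump hosts and console from which admin logins are expected
SHELL_COMMANDS = ("feature bash-shell", "run bash")  # commands that expose the underlying OS shell

# Timestamp contains colons, so match lazily up to the literal ":type=" field.
LINE_RE = re.compile(
    r"^(?P<ts>.+?):type=(?P<type>start|update|stop)"
    r":id=(?P<id>[^:]+):user=(?P<user>[^:]+):cmd=(?P<cmd>.*)$"
)


def parse_accounting_log(text):
    """Parse accounting-log lines into dicts; lines that do not match the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # "10.10.5.21@pts/0" -> "10.10.5.21"; "console0" has no "@" and is kept whole.
        rec["source"] = rec["id"].split("@", 1)[0]
        records.append(rec)
    return records


def login_summary(records, admin_users):
    """Count session starts per (admin user, source) so unusual sources stand out."""
    counts = defaultdict(int)
    for r in records:
        if r["type"] == "start" and r["user"] in admin_users:
            counts[(r["user"], r["source"])] += 1
    return dict(counts)


def audit_admin_activity(records, admin_users, trusted_sources, shell_commands):
    """Return findings for admin logins from untrusted sources and shell-access commands."""
    findings = []
    for r in records:
        if r["user"] not in admin_users:
            continue
        if r["type"] == "start" and r["source"] not in trusted_sources:
            findings.append(("untrusted-source-login", r["user"], r["source"], r["ts"]))
        if r["type"] == "update":
            # The log records the full mode path, e.g. "configure terminal ; feature bash-shell (SUCCESS)";
            # check each ";"-separated segment against the watchlist.
            segments = [s.strip().lower() for s in r["cmd"].split(";")]
            if any(seg.startswith(w) for seg in segments for w in shell_commands):
                findings.append(("shell-access-command", r["user"], r["source"], r["cmd"]))
    return findings


if __name__ == "__main__":
    recs = parse_accounting_log(SAMPLE_LOG)
    for (user, src), n in sorted(login_summary(recs, ADMIN_USERS).items()):
        print(f"{user:<8} from {src:<16} logins={n}")
    for f in audit_admin_activity(recs, ADMIN_USERS, TRUSTED_SOURCES, SHELL_COMMANDS):
        print("ALERT", *f)
```

On the sample data the netops session is ignored entirely, the console login by admin is summarized but not flagged, and the admin session from 198.51.100.77 produces three alerts: one for the untrusted source and two for the shell-access commands. In production the same logic would be fed from a syslog or AAA accounting collector rather than the on-box log, since an attacker with root on the switch can tamper with local records.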
Federal civilian agencies are required to remediate the vulnerability by July 23, 2024, under Binding Operational Directive (BOD) 22-01. Private organizations are advised to review the Known Exploited Vulnerabilities catalog and remediate any listed vulnerabilities present in their infrastructure. The disclosure underlines the importance of timely patching and of monitoring for exploitation in both government and private sector networks, particularly on network devices that rarely run endpoint security tooling.
In conclusion, the Cisco NX-OS command injection vulnerability poses a real post-authentication risk to organizations running the affected devices: an attacker who has obtained administrator credentials can turn them into root access on the switch's underlying operating system. Users should apply the fixed releases promptly, watch for unusual use of administrative credentials and unexpected activity on the devices, and follow the guidance provided by CISA and Cisco to mitigate the threat.
Article Source
https://securityaffairs.com/165415/security/cisa-adds-cisco-nx-os-command-injection-bug-known-exploited-vulnerabilities-catalog.html