Cisco has issued a warning about a zero-day vulnerability in its NX-OS software that is being actively exploited by a Chinese state-sponsored group known as Velvet Ant. The cybersecurity firm Sygnia first reported the issue to Cisco after detecting the exploit during an investigation into the activities of the Velvet Ant group.
According to Sygnia’s director of incident response, Amnon Kushnir, the threat actors behind Velvet Ant were able to collect administrator-level credentials to gain access to Cisco Nexus switches. They then deployed custom malware that allowed them to remotely connect to compromised devices, upload additional files, and execute malicious code.
Cisco has described the vulnerability in more detail, stating that it allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. The vulnerability results from insufficient validation of arguments passed to specific configuration CLI commands; an attacker can exploit it by including crafted input as an argument to an affected configuration CLI command. A successful exploit could grant the attacker root privileges on the operating system.
The list of vulnerable devices includes MDS 9000 Series Multilayer Switches, Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, and Nexus 9000 Series Switches in NX-OS Standalone Mode. Cisco has released software updates for these devices and urges all customers to update immediately to mitigate the risk of exploitation.
In response to the threat posed by the Velvet Ant group, Cisco is actively working to address the vulnerability and protect its customers. Organizations using Cisco Nexus switches are advised to stay vigilant and apply the necessary software updates as soon as possible to protect their networks and data from potential unauthorized access and exploitation by threat actors. Cisco’s swift response to this zero-day exploit highlights the importance of proactive cybersecurity measures in defending against advanced cyber threats.
Article Source
https://www.webpronews.com/chinese-hacker-group-targeting-cisco-nx-os-vulnerability/