A recent report has shown that Chinese state-backed hackers exploited a zero-day vulnerability in Cisco Nexus switches that Cisco has now patched. Cisco released a fix for CVE-2024-20399, a flaw in the command-line interface of Cisco NX-OS software that could allow an authenticated local attacker with administrator privileges to run arbitrary commands as root on the underlying operating system.
The vulnerability stems from insufficient validation of the arguments passed to specific CLI configuration commands, allowing an attacker to execute commands with root privileges on the underlying operating system. Because exploitation requires administrator privileges and access to those specific configuration commands, the bug received a CVSS score of 6.
The Chinese threat group Velvet Ant was found to have exploited the vulnerability in an attack discovered in April, using custom malware to connect remotely to compromised Cisco Nexus devices, upload additional files, and execute code on the devices. This incident highlights the importance of adhering to security best practices, maintaining centralized logging and network monitoring for switches, and implementing measures such as regular patching, strong password hygiene, and restricted administrative access.
Velvet Ant has previously been associated with a sophisticated cyberespionage campaign involving compromised F5 BIG-IP load balancers for persistence. Sygnia, the security vendor that discovered the attack, emphasized the need for Cisco customers to prioritize security measures to protect against such threats, given the increasing sophistication of threat groups targeting network devices.
The exploitation of this zero-day vulnerability in Cisco Nexus switches by Chinese state-backed hackers underscores the ongoing effort to exploit weaknesses in network security, and highlights the importance of proactive security measures to safeguard against such attacks. Cisco customers are urged to strengthen their security practices and defend against cyber threats targeting their network infrastructure.
Article Source
https://www.infosecurity-magazine.com/news/cisco-patches-zeroday-bug-chinese/