Cisco has recently patched a medium severity zero-day vulnerability in the command-line interface (CLI) of their Nexus operating system (NX-OS) software. This vulnerability could potentially allow an attacker with valid administrator credentials for the Nexus console to execute arbitrary commands on the Linux operating system with root privileges. In their advisory released on July 1st, Cisco warned that exploiting this vulnerability could lead to unauthorized access to sensitive data, system control, and file modification.
The discovery of this zero-day vulnerability was made by the Sygnia research team in April and reported to Cisco. This vulnerability, identified as CVE-2024-20399, was found to have been exploited in the wild. Sygnia’s investigation into a China-linked cyber espionage operation led to the discovery of this new zero-day vulnerability. The threat actor behind this operation, known as Velvet Ant, was able to maintain persistence on a corporate network for three years by exploiting vulnerabilities in legacy F5 BigIP load balancers.
Narayana Pappu, CEO of Zendata, expressed concern over the ability of threat actors like Velvet Ant to persist on networks for extended periods of time. He emphasized the importance of improved detection and monitoring capabilities to combat such high-impact threats. Additionally, the use of Cisco Nexus switches in data center networks poses supply chain risks for various businesses.
Venky Raju, Field CTO at ColorTokens, highlighted the risk posed by this vulnerability in allowing attackers to infiltrate enterprise networks and potentially act as insiders. He noted that many companies lack adequate protection measures against insider threats, making it crucial to adopt a zero-trust mindset and implement micro-segmentation to limit lateral movement across networks.
In response to this zero-day vulnerability, Cisco has issued a patch to address the issue in their NX-OS software. Organizations using Cisco Nexus switches are advised to apply the patch promptly to mitigate the risk of exploitation by threat actors. This incident serves as a reminder of the evolving cyber threat landscape and the importance of robust security measures to safeguard sensitive data and critical systems from malicious attacks.
Article Source
https://www.scmagazine.com/news/cisco-patches-medium-severity-zero-day-in-its-nx-os-nexus-switch-software