The US Cybersecurity and Infrastructure Security Agency (CISA) has added the Cisco NX-OS command injection bug, known as CVE-2024-20399, to its Catalog of Known Exploited Vulnerabilities (KEV). The vulnerability, with a CVSS score of 6.0, allows authenticated local attackers to execute arbitrary commands on vulnerable switches as root. The issue was first observed by cybersecurity … Read more
Cisco has issued a warning about a zero-day exploit in its NX-OS software that is being actively exploited by a Chinese state-sponsored group known as Velvet Ant. The cybersecurity firm Sygnia first reported the issue to Cisco after detecting the exploit during an investigation into the activities of the Velvet Ant group. According to Sygnia’s … Read more
Cisco has recently patched a medium severity zero-day vulnerability in the command-line interface (CLI) of their Nexus operating system (NX-OS) software. This vulnerability could potentially allow an attacker with valid administrator credentials for the Nexus console to execute arbitrary commands on the Linux operating system with root privileges. In their advisory released on July 1st, … Read more
A recent security threat has emerged as Chinese hackers have been found exploiting a new zero-day vulnerability in Cisco NX-OS. This hacking activity was reported by SC Media, revealing concerns about potential cyber attacks on an undetermined scale. The zero-day vulnerability in Cisco NX-OS poses a significant risk to organizations and individuals who use this … Read more
Cisco recently released a patch for a zero-day vulnerability in its NX-OS operating system that was exploited by Chinese cyber spies. The vulnerability allowed attackers to remotely execute malicious code on affected devices. The exploitation of this vulnerability was reportedly part of a larger cyber espionage campaign conducted by Chinese threat actors. Cisco’s prompt response … Read more
A China-linked group, Velvet Ant, exploited a zero-day vulnerability in Cisco NX-OS software, leading to the deployment of custom malware on vulnerable switches. The flaw, identified as CVE-2024-20399 with a CVSS score of 6.0, allowed attackers to execute arbitrary commands as root within the operating system of affected devices. Only attackers with administrator credentials could … Read more
Cisco has recently released security updates to address a critical vulnerability (CVE-2024-20399) in its Cisco NX-OS software. This vulnerability is actively being exploited and could allow an authenticated local attacker with administrator credentials to run arbitrary commands with root privileges on the underlying operating system. The affected Cisco switches include MDS 9000 Series Multilayer Switches, … Read more
A critical vulnerability has been identified in the command line interface (CLI) of Cisco NX operating system, allowing attackers to execute arbitrary commands as root on affected devices. This zero-day flaw, known as CVE-2024-20399, poses a significant threat to network security, especially for organizations using Cisco Nexus and MDS series switches. The vulnerability stems from … Read more
Cybersecurity researchers have identified a Chinese cyberespionage campaign targeting a vulnerability in Cisco’s NX-OS software. The threat group Velvet Ant was found deploying malware on Cisco Nexus switches. Sygnia, a cybersecurity firm, discovered the vulnerability and alerted Cisco, who then released updates to address it. The exploit allows attackers to execute arbitrary commands on the … Read more
Cisco recently patched a zero-day exploit in its NX-OS software that was used in cyber attacks back in April. The cybersecurity firm Sygnia identified the attacks as being carried out by a Chinese state-sponsored group known as Velvet Ant. The attackers were able to gain root access to vulnerable switches and install custom malware, allowing … Read more