Take Immediate Action: Cisco Switches Vulnerable to Remote Takeover due to Zero-Day Vulnerability

Cisco recently addressed a critical zero-day vulnerability in its NX-OS software that was exploited in April attacks by the Chinese state-sponsored threat actor known as Velvet Ant. The vulnerability, tracked as CVE-2024-20399, allowed attackers with valid administrator credentials to execute arbitrary commands on affected devices. Velvet Ant used this flaw to install custom malware on compromised Cisco Nexus switches, enabling remote access and execution of additional code. To mitigate the risk, organizations are advised to update affected devices, restrict administrative access, centralize authentication management, enforce strong password policies, restrict outgoing Internet access, and implement regular patch management.
Additionally, improving monitoring and detection capabilities by enabling Syslog, integrating logs with a SIEM system, setting up alerts for suspicious activities, and analyzing network traffic can help identify and prevent similar attacks. The incident underscores the ongoing threat posed by state-sponsored cybercriminals and emphasizes the importance of proactive cybersecurity measures to protect network devices from exploitation. Cisco’s swift response in releasing software updates and Sygnia’s thorough investigation provide valuable insights for organizations to enhance their security posture and defend against such threats.

Article Source
https://thecyberexpress.com/cisco-zero-day-vulnerability/