Cisco has fixed an issue in a network management platform that allows attackers to execute commands on affected devices’ operating systems. The flaw, known as CVE-2024-20399 and rated as medium risk, can be exploited by authenticated users. The bug is located in the Cisco NX-OS Software CLI, enabling attackers to run arbitrary commands as root. The flaw affects a range of Cisco devices, but patches have been released to address the issue.
The vulnerability has already been exploited by the China-backed threat group Velvet Ant, allowing them to execute commands on the underlying Linux operating system of Cisco Nexus switches. Velvet Ant’s exploit of the flaw is part of a larger campaign involving custom malware that allows remote connection to compromised devices. The exploit highlights the need for organizations to patch vulnerable devices and follow security best practices to mitigate the risk of cyberattacks.
To protect against such threats, organizations are advised to restrict administrator access to network equipment, implement central authentication and authorization, and restrict switches from making outbound connections to the Internet. It is also recommended to enforce a strong password policy and maintain regular patch schedules to keep devices updated and secure.
Overall, the incident underscores the importance of securing network environments and following best practices to prevent cyberattacks. Organizations should take immediate action to patch vulnerable devices and strengthen their security posture to avoid falling victim to similar threats.
Article Source
https://www.darkreading.com/vulnerabilities-threats/patch-now-cisco-zero-day-chinese-apt