Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
What is the CVE identifier for the Cisco NX-OS software flaw?
The CVE identifier for the Cisco NX-OS software flaw is CVE-2024-20399. It is a command injection vulnerability that allows an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device3.
What type of vulnerability does CVE-2024-20399 represent?
CVE-2024-20399 represents a command injection vulnerability in the CLI of Cisco NX-OS Software, which allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device14. The vulnerability is due to insufficient validation of arguments passed to specific configuration CLI commands, and an attacker can exploit it by including crafted input as the argument of an affected configuration CLI command1.
How does the Velvet Ant group exploit the Cisco vulnerability?
The Velvet Ant group exploits the Cisco vulnerability (CVE-2024-20399) by leveraging insufficient validation of arguments passed to specific configuration CLI commands. This allows them to include crafted input as the argument of an affected configuration CLI command, execute arbitrary commands on the underlying operating system with root privileges, and remotely connect to compromised Cisco Nexus devices to upload additional files and execute code14.