5 matches found
CVE-2024-20399
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configurati...
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 CVSS score: 6.0, concerns a case of command injection that allows an authenticated, local...
Cisco NX-OS Software CLI Comm Injection (cisco-sa-nxos-cmd-injection-xD9OhyOP)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This...