Cisco Releases Advisory for Exploited Vulnerability in NX-OS software


Cisco has released a security advisory for a vulnerability in the command line interface (CLI) of the NX-OS software in Nexus series switches, which are modular and fixed port network switches designed for data centres.

The command injection vulnerability known as CVE-2024-20399 has a CVSSv3 score of 6.0 and is rated at Medium by Cisco. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command, leading to arbitrary command execution on the underlying operating system with the privileges of root. This vulnerability is being exploited in the wild.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes

    April 25, 2024

    A previously unknown and “sophisticated” nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments. A Cisco spokesperson declined to comment on which country the snooping crew – tracked as ...

  • Almost every Chinese keyboard app has a security flaw that reveals what users type

    April 24, 2024

    Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state ...

  • Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

    April 22, 2024

    This threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made. Updated April 19 to include information on observed levels of attempted exploitation and relative prevalence of those levels, with unsuccessful ...

  • MITRE says it was hit by hackers exploiting Ivanti flaws

    April 22, 2024

    The not-for-profit research and development organization MITRE suffered a cyberattack early this year, with the attack apparently hindering some operations, but there was no talk of stolen data. In a breach notification published on the MITRE website late last week, CEO and president Jason Providakes explained what happened and what the organization was doing about it. Read ...

  • How secret rise of zero-day brokers is causing worldwide security risks

    April 18, 2024

    Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about. Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it ...

  • Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

    April 17, 2024

    Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity. OpenMetadata is an open-source platform designed to manage metadata across various data sources. It serves as a central repository for metadata lineage, ...