A China-linked cyberespionage threat actor known as “Velvet Ant” is now targeting a medium-severity zero-day vulnerability found in the NX-OS network operating system made by IT and networking firm Cisco Systems.
The security defect, identified as CVE-2024-20399 with a CVSS score of 6, goes for the operating system’s command line interface and allows the hacker to run any command or code with root privileges.
“An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root,” Cisco’s security advisory reads.
The company also noted that the successful exploit of this vulnerability on a Cisco NX-OS device is contingent on the attacker having access to administrator credentials.
“Cisco has released software updates for certain Cisco NX-OS hardware platforms and will continue to release fixes as they become available. There are no workarounds that address this vulnerability,” the company warned.
The list of vulnerable Cisco products include the Nexus 3000, 6000, and 7000 Series Switches; the Nexus 5500 and 5600 Platform Switches; the MDS 9000 Series Multilayer Switches; and the Nexus 9000 Series Switches in standalone NX-OS mode.
These data center switches provide companies with scalable infrastructure, allow easier programming, lowers total cost of ownership through energy efficiency, and delivers faster application performance powered by Cisco silicon.