Cisco has patched a medium-severity zero-day vulnerability in the command-line interface (CLI) of its Nexus operating system (NX-OS) software that could let an attacker with valid administrator credentials for the Nexus console execute arbitrary commands on the underlying Linux operating system.
In a July 1 advisory, Cisco said the flaw, tracked as CVE-2024-20399, stems from insufficient validation of arguments passed to certain configuration CLI commands, and that an attacker who exploits it could execute arbitrary commands on the underlying operating system with root privileges. The medium rating reflects that the attacker must already hold administrator credentials; once running as root on the switch, however, an attacker can read sensitive data, control the device and modify files outside the view of the NX-OS CLI.
Cisco added that its Product Security Incident Response Team (PSIRT) became aware in April, through researchers at Sygnia, that CVE-2024-20399 was being exploited in the wild.
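Because the bug is only reachable by an authenticated administrator, the practical defensive question is whether any admin session on a Nexus switch was used to drop to the underlying Linux shell. The following is an added example, not code from the page, from Cisco or from Sygnia: a small scanner over NX-OS CLI accounting records (the `show accounting log` output, or the same records forwarded via AAA accounting to syslog) that flags commands which hand the operator a Linux shell and config arguments carrying shell metacharacters. The log lines are constructed, the record layout is only the general shape of NX-OS accounting output, and the detection rules are generic heuristics; nothing here reproduces the CVE-2024-20399 trigger.

```python
"""Heuristic review of NX-OS CLI accounting records for signs that an
administrator session was used to reach the underlying Linux shell.

Added illustration only: the log lines are constructed, the rules are
generic assumptions (not Cisco's or Sygnia's detection content), and
nothing here reproduces the CVE-2024-20399 trigger.
"""
import re
from dataclasses import dataclass

# Constructed sample in the general shape of NX-OS `show accounting log`
# output. Not captured from a real device or from the reported incident.
SAMPLE_LOG = """\
Mon Jul  1 09:12:03 2024:type=update:id=10.10.0.5@pts/0:user=admin:cmd=configure terminal ; interface Ethernet1/1 ; description uplink (SUCCESS)
Mon Jul  1 09:14:41 2024:type=update:id=10.10.0.5@pts/0:user=admin:cmd=configure terminal ; feature bash-shell (SUCCESS)
Mon Jul  1 09:15:02 2024:type=update:id=10.10.0.5@pts/0:user=admin:cmd=run bash (SUCCESS)
Mon Jul  1 09:20:17 2024:type=update:id=10.10.0.5@pts/0:user=admin:cmd=configure terminal ; interface Ethernet1/2 ; description x$(id) (SUCCESS)
Mon Jul  1 09:30:00 2024:type=start:id=10.10.0.9@pts/1:user=netops:cmd=show version (SUCCESS)
"""

# Assumed record layout: "<timestamp>:type=<t>:id=<session>:user=<u>:cmd=<c> (<RESULT>)"
LINE_RE = re.compile(
    r"^(?P<ts>.+?):type=(?P<type>\w+):id=(?P<id>[^:]+):user=(?P<user>[^:]+)"
    r":cmd=(?P<cmd>.*?)\s*\((?P<result>\w+)\)\s*$"
)

# Shell metacharacters that have no business inside an NX-OS config argument.
# ';' is deliberately excluded: the accounting record itself joins config-mode
# commands with " ; ", so it is split on first and never treated as a signal.
META_RE = re.compile(r"[`|&<>]|\$\(")

# Documented NX-OS commands that give an admin a Linux shell on the switch.
# Not part of the vulnerability, but any use of them deserves review.
SHELL_CMDS = ("feature bash-shell", "run bash")


@dataclass(frozen=True)
class Finding:
    line_no: int
    user: str
    source: str
    reason: str
    command: str


def parse_line(line: str):
    """Return the fields of one accounting record, or None if it does not fit."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan(log_text: str) -> list[Finding]:
    """Walk accounting records and return one Finding per suspicious sub-command."""
    findings: list[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        rec = parse_line(raw)
        if rec is None:
            continue
        # One record carries the whole config-mode path, e.g.
        # "configure terminal ; interface Ethernet1/1 ; description uplink".
        for sub in (s.strip() for s in rec["cmd"].split(" ; ")):
            lowered = sub.lower()
            if any(lowered.startswith(c) for c in SHELL_CMDS):
                findings.append(Finding(n, rec["user"], rec["id"],
                                        "linux shell access via cli", sub))
            elif META_RE.search(sub):
                findings.append(Finding(n, rec["user"], rec["id"],
                                        "shell metacharacter in cli argument", sub))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: user={f.user} from={f.source}: {f.reason}: {f.command!r}")
```

Run against the constructed sample, the scanner flags the `feature bash-shell` and `run bash` lines and the interface description carrying `$(id)`, and leaves the ordinary configuration and `show version` records alone. The metacharacter rule will produce some noise on real devices (descriptions and banners occasionally contain such characters), so it is best treated as a triage signal paired with the question of who held the admin credentials and from where the session originated, which is exactly the information the `user` and `id` fields preserve.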
In a July 1 blog post, Sygnia's research team said it identified the zero-day during a larger forensic investigation of a China-nexus cyber espionage operation conducted by a threat actor Sygnia calls Velvet Ant.
SC Media previously reported that Sygnia found Velvet Ant had maintained persistence in the network of a large organization for three years by exploiting flaws in legacy F5 BIG-IP load balancers.
“The most concerning aspect is that Velvet Ant was able to persist on networks for three years in previous campaigns,” said Narayana Pappu, chief executive officer at Zendata. “This underscores the need for better detection and monitoring capabilities. It also highlights the role that companies like Sygnia play in catching high-impact threats. Finally, Cisco Nexus switches are the backbone of data center networks, creating substantial supply chain risks for many types of companies.”
Venky Raju, field CTO at ColorTokens, added that the vulnerability lets attackers plant themselves inside the enterprise network and effectively become “insiders.”
“Most businesses have not implemented adequate safeguards against insider threats, which presents a significant risk,” said Raju. “This is a stark reminder to adopt a zero-trust mindset and implement microsegmentation to minimize lateral movement across the entire network.”