HomeRisk ManagementsCisco Patches an Exploited Zero-Day Vulnerability from databreachtoday.com

Cisco Patches an Exploited Zero-Day Vulnerability from databreachtoday.com

Published on

spot_img

In a recent cyber attack development, China-nexus hackers, known as Velvet Ant, were able to exploit a zero-day vulnerability in Cisco’s NX-OS software back in April. This allowed the hackers to execute arbitrary commands on compromised devices, posing a significant threat to cybersecurity.

Cisco addressed this critical issue on Monday by releasing a patch for the zero-day vulnerability. The discovery of this exploit was credited to cybersecurity firm Sygnia, who identified the remote connection made by Velvet Ant to the NX-OS software used in Cisco switches. The hacker group was able to execute malicious code, gaining root access to the compromised devices.

The vulnerability, tracked as CVE-2024-20399, enabled authenticated local attackers to run commands as root, highlighting the severity of the flaw. This type of command injection vulnerability can be particularly dangerous as it allows attackers to execute commands without triggering system syslog messages, making it challenging to detect malicious activities.

Despite the potential for code execution and the prevalence of Cisco Nexus switches in enterprise environments, the vulnerability is rated relatively low on the Common Vulnerability Scoring System (CVSS) scale. The reason for this lower rating is the requirement for attackers to already have admin credentials and specific command configurations to successfully exploit the vulnerability. Additionally, most Nexus switches are not directly exposed to the internet, further limiting the threat surface for potential attacks.

However, this incident underscores the trend of sophisticated threat groups leveraging network appliances, like switches, to maintain persistent access within corporate networks. Network appliances are often overlooked in terms of security measures, making them attractive targets for cybercriminals seeking to infiltrate organizations.

In a related incident, the same threat actor used outdated F5 BIG-IP appliances to deploy custom malware and steal sensitive data from an East Asian company. The malicious campaign went undetected for three years, underscoring the need for increased vigilance and proactive security measures within organizations.

To mitigate the risk posed by this zero-day vulnerability, Cisco recommends that companies update their admin credentials and closely monitor network activity. Admins can also utilize Cisco’s software checker page to assess their devices’ exposure and take necessary precautions to prevent potential attacks.

Overall, the exploitation of this zero-day vulnerability by China-nexus hackers highlights the ongoing threat of cyber attacks and the importance of robust security practices to safeguard against advanced threats in today’s digital landscape.

Source link

Latest articles

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...

Women’s Care and Pulmonary Sleep Breaches

In a concerning trend for healthcare security, two healthcare providers have publicly revealed data...

More like this

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...