HomeRisk ManagementsCisco Patches an Exploited Zero-Day Vulnerability from databreachtoday.com

Cisco Patches an Exploited Zero-Day Vulnerability from databreachtoday.com

Published on

spot_img

In a recent cyber attack development, China-nexus hackers, known as Velvet Ant, were able to exploit a zero-day vulnerability in Cisco’s NX-OS software back in April. This allowed the hackers to execute arbitrary commands on compromised devices, posing a significant threat to cybersecurity.

Cisco addressed this critical issue on Monday by releasing a patch for the zero-day vulnerability. The discovery of this exploit was credited to cybersecurity firm Sygnia, who identified the remote connection made by Velvet Ant to the NX-OS software used in Cisco switches. The hacker group was able to execute malicious code, gaining root access to the compromised devices.

The vulnerability, tracked as CVE-2024-20399, enabled authenticated local attackers to run commands as root, highlighting the severity of the flaw. This type of command injection vulnerability can be particularly dangerous as it allows attackers to execute commands without triggering system syslog messages, making it challenging to detect malicious activities.

Despite the potential for code execution and the prevalence of Cisco Nexus switches in enterprise environments, the vulnerability is rated relatively low on the Common Vulnerability Scoring System (CVSS) scale. The reason for this lower rating is the requirement for attackers to already have admin credentials and specific command configurations to successfully exploit the vulnerability. Additionally, most Nexus switches are not directly exposed to the internet, further limiting the threat surface for potential attacks.

However, this incident underscores the trend of sophisticated threat groups leveraging network appliances, like switches, to maintain persistent access within corporate networks. Network appliances are often overlooked in terms of security measures, making them attractive targets for cybercriminals seeking to infiltrate organizations.

In a related incident, the same threat actor used outdated F5 BIG-IP appliances to deploy custom malware and steal sensitive data from an East Asian company. The malicious campaign went undetected for three years, underscoring the need for increased vigilance and proactive security measures within organizations.

To mitigate the risk posed by this zero-day vulnerability, Cisco recommends that companies update their admin credentials and closely monitor network activity. Admins can also utilize Cisco’s software checker page to assess their devices’ exposure and take necessary precautions to prevent potential attacks.

Overall, the exploitation of this zero-day vulnerability by China-nexus hackers highlights the ongoing threat of cyber attacks and the importance of robust security practices to safeguard against advanced threats in today’s digital landscape.

Source link

Latest articles

Miasma Worm Resurfaces as RAT-First npm Attack with Automatic Propagation Disabled

Malicious Re-Entry of the Miasma Worm: A New Threat to AsyncAPI Packages In a troubling...

Pentagon Suspends CMMC Phase II Requirements for Defense Contractors

Suspension of CMMC Phase II: A New Direction for Cybersecurity in the Defense Industrial...

Enhancing Cyber-Resilience of AI in the Enterprise

Rapid Growth of Enterprise AI and Security Oversights Enterprise Artificial Intelligence (AI) is experiencing unprecedented...

Phishing for Beginners: Forg365 Reduces Barriers to M365 Account Takeovers

Recent developments in cybercrime have given rise to a new service that is raising...

More like this

Miasma Worm Resurfaces as RAT-First npm Attack with Automatic Propagation Disabled

Malicious Re-Entry of the Miasma Worm: A New Threat to AsyncAPI Packages In a troubling...

Pentagon Suspends CMMC Phase II Requirements for Defense Contractors

Suspension of CMMC Phase II: A New Direction for Cybersecurity in the Defense Industrial...

Enhancing Cyber-Resilience of AI in the Enterprise

Rapid Growth of Enterprise AI and Security Oversights Enterprise Artificial Intelligence (AI) is experiencing unprecedented...