Cisco has recently issued patches for multiple series of Nexus switches to address a vulnerability that has the potential to enable attackers to conceal the execution of bash commands on the underlying operating system.
Although the severity of the flaw is classified as moderate due to the requirement for administrative credentials to exploit it, it has been actively exploited in the wild since April. This serves as a reminder that attackers are not solely focused on critical or high-risk vulnerabilities.
Identified as CVE-2024-20399, the vulnerability stems from inadequate validation of arguments passed along with configuration commands to the command line interface of NX-OS software, which is the operating system that runs on a variety of Cisco switches. Affected series include the MDS 9000 Series Multilayer Switches, Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, and Nexus 9000 Series Switches in standalone NX-OS mode.
The exploit involves the manipulation of configuration commands to execute unauthorized bash commands on the underlying operating system. This could potentially allow an attacker to conceal their malicious activities and carry out unauthorized actions.
Cisco has acted swiftly to release patches to address this vulnerability in an effort to protect users from potential exploitation. Users are urged to apply these patches promptly to mitigate the risk of falling victim to attacks leveraging this vulnerability.
It is worth noting that even though this vulnerability is classified as moderate and requires administrative credentials for exploitation, the fact that it has been actively exploited in the wild underscores the importance of timely patching and vigilance from organizations and users.
In conclusion, the release of patches by Cisco to address the CVE-2024-20399 vulnerability highlights the ongoing threat landscape faced by organizations and the need for proactive security measures to safeguard against potential attacks. Vigilance, prompt patch management, and a comprehensive security posture are essential components in mitigating risks posed by vulnerabilities in networking infrastructure.