Cisco warns of NX-OS zero-day exploited to deploy custom malware
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.
"The threat actors gathered administrator-level credentials to gain access to Cisco Nexus switches and deploy a previously unknown custom malware that allowed them to remotely connect to compromised devices, upload additional files and execute malicious code."
Cisco says the vulnerability can be exploited by local attackers with Administrator privileges to execute arbitrary commands with root permissions on vulnerable devices' underlying operating systems.
Admins can use the Cisco Software Checker page to determine whether devices on their network are exposed to attacks targeting the CVE-2024-20399 vulnerability.
Last month, Sygnia said Velvet Ant targeted F5 BIG-IP appliances with custom malware in a cyberespionage campaign.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-01 | CVE-2024-20399 | OS Command Injection vulnerability in Cisco NX-OS. A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. | 6.7 |