Cisco NX-OS: Flaw under attack, update available

A security vulnerability in the Cisco NX-OS of several Nexus and MDS switches has been under attack since April. Cisco is now providing an update.

Image: A stack of burning Cisco appliances (stylized)

Vulnerabilities threaten Cisco devices.

(Image: Created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

A security vulnerability in the Cisco NX-OS software of several of the manufacturer's switch series is already being attacked in the wild; indications suggest that this has been happening since April. Cisco is now releasing updated firmware for the vulnerable switches, and IT managers should install it quickly.

The flaw stems from insufficient validation of arguments passed to certain command line (CLI) commands. By supplying crafted input to the affected CLI commands, an attacker can execute arbitrary commands on the underlying Linux operating system as root (CVE-2024-20399, CVSS 6.0, risk "medium"). However, exploitation requires administrator credentials on the device, which is why the risk rating is lower than the impact alone would suggest.

In its security advisory, Cisco writes that its PSIRT (Product Security Incident Response Team) already observed attempts to exploit this vulnerability in the wild in April 2024. The US cybersecurity agency CISA has since added the vulnerability to its Known Exploited Vulnerabilities catalog. The vulnerability was also reported by the IT security company Sygnia. In its report, Sygnia explains that the criminal group "Velvet Ant", which has roots in China, has abused the vulnerability for espionage attacks.

Switches from the Cisco MDS 9000, Nexus 3000, Nexus 5500 platform, Nexus 5600 platform, Nexus 6000, Nexus 7000 and Nexus 9000 series are affected. Cisco is providing updated firmware for these switches to close the security vulnerability. Admins should download and install the available updates as soon as possible, since the vulnerability is already under active attack; the comparatively low CVSS rating should not be taken as a reason to delay.

Cisco last patched vulnerabilities in NX-OS and other systems in February. Those included, in particular, a denial-of-service vulnerability that allowed attackers to disable device functions.

(dmk)