Friday, July 5, 2024

HomeCyberSecurityCisco Nexus devices zero day raises alarms despite CVSS score
CyberSecurity

Cisco Nexus devices zero day raises alarms despite CVSS score

David Jones
By David Jones
0
5
Cisco Nexus devices zero day raises alarms despite CVSS score

Dive Brief:

  • A suspected threat actor with ties to China is actively exploiting a zero-day vulnerability in Cisco NX-OS software, researchers said Monday.
  • The suspected actor, dubbed Velvet Ant, is exploiting a command injection vulnerability, identified as CVE-2024-20399, which impacts a wide range of Cisco Nexus devices, according to researchers at Sygnia. The vulnerability has a CVSS score of 6.0, however researchers warn the threat actor is highly sophisticated and is deploying custom malware, Sygnia. 
  • Cisco on Monday released software updates for some NX-OS hardware platforms, and will continue to release additional fixes when they are ready. The company said there are no other workarounds to address the flaw.

Dive Insight:

Sygnia discovered the exploitation as part of a larger investigation into Velvet Ant’s espionage work and found that the threat actor has been operating on a victim’s computer network for three years. 

During the prior investigation, researchers discovered the suspected state-sponsored actor maintaining persistence on a legacy F5 BIG-IP appliance that was exposed to the internet

Sygnia discovered threat activity against Cisco Nexus devices earlier this year and reported it to the company. 

Cisco Nexus devices are often used as backbone switches for data centers, according to Amnon Kushnir, director of incident response at Sygnia. The ability of the hacker to gain root access to the Linux-based operating system and deploy custom malware makes the threat activity particularly challenging. 

Network appliances — and switches in particular — are often not monitored and the logs are usually not sent to a centralized logging system, according to Sygnia researchers. The custom malware allowed the hacker to “enable code execution and traffic tunneling,” so once the malware was deployed, the hackers no longer needed to log in to gain access to the network.

The Cybersecurity and Infrastructure Security Agency has added the bug to its Known Exploited Vulnerabilities catalog. The vulnerability can allow an attacker to execute arbitrary commands with the privileges of root. However, the attackers must have administrator credentials to exploit the vulnerability.


Source link

Bookmark (0)
Previous article
Fox News Politics: Doggett Determination
Next article
New Alzheimer’s drug treatment from Eli Lillly wins FDA approval
David Jones
David Jones
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Load more

Sponsored Business

- Advertisment -spot_img

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

Market World’s portal of services include news, marketing, development and ecommerce. We strive to meet the needs and provide high value for all visitors and customers. We offer digital services for small, mid-sized and large enterprise platforms. We treat our customers as partners and offer the tools and services for growth and success for your journey.

Become a Market World Entrepreneur

FOLLOW US              

© 2022 Market World LLC. All rights reserved