04 Jul, 2024

Chinese Hackers Exploit Zero-day Vulnerability in Cisco Switches to Install Malware

This vulnerability, tracked as CVE-2024-20399, is a command injection flaw (CVSS score: 6.0) that allows arbitrary commands to be executed as root. According to Sygnia, Velvet Ant can use this vulnerability to connect to Cisco Nexus devices, upload files and run code.

Cisco stated that the vulnerability was caused by insufficient validation of arguments passed to certain CLI commands and that attackers could abuse these commands. Because this vulnerability requires administrative privileges, it is rated as low severity. Affected devices include MDS 9000, Nexus 3000, 5500, 5600, 6000, 7000 and 9000 series switches.

Velvet Ant used F5 BIG-IP devices to steal customer and financial information in a three-year cyberattack against an organization in East Asia. Sygnia emphasized that such malicious activity is difficult to detect because of the lack of monitoring of network devices.

During the same period, GreyNoise reported on another critical vulnerability (CVE-2024-0769, CVSS score: 9.8) affecting D-Link DIR-859 routers. This vulnerability is used to collect account information and will not be patched as the product is end-of-life.

 
