A China-nexus cyber espionage team named Velvet Ant has been observed exploiting a zero-working day flaw in Cisco NX-OS Application applied in its switches to produce malware.
The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.), concerns a case of command injection that lets an authenticated, neighborhood attacker to execute arbitrary instructions as root on the underlying working method of an influenced unit.
“By exploiting this vulnerability, Velvet Ant properly executed a beforehand unknown custom made malware that allowed the threat group to remotely join to compromised Cisco Nexus equipment, add supplemental information, and execute code on the devices,” cybersecurity company Sygnia reported in a assertion shared with The Hacker Information.

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Cisco stated the issue stems from insufficient validation of arguments that are handed to specific configuration CLI commands, which could be exploited by an adversary by such as crafted input as the argument of an afflicted configuration CLI command.
What is extra, it allows a user with Administrator privileges to execute commands with out triggering method syslog messages, thus generating it attainable to conceal the execution of shell instructions on hacked appliances.
Even with the code execution capabilities of the flaw, the lessen severity is owing to the truth that productive exploitation demands an attacker to be already in possession of administrator credentials and have entry to certain configuration instructions. The pursuing gadgets are impacted by CVE-2024-20399 –
- MDS 9000 Sequence Multilayer Switches
- Nexus 3000 Sequence Switches
- Nexus 5500 System Switches
- Nexus 5600 Platform Switches
- Nexus 6000 Series Switches
- Nexus 7000 Sequence Switches, and
- Nexus 9000 Collection Switches in standalone NX-OS mode
Velvet Ant was to start with documented by the Israeli cybersecurity agency last month in relationship with a cyber attack targeting an unnamed organization situated in East Asia for a period of about 3 many years by setting up persistence utilizing out-of-date F5 Major-IP appliances in purchase to stealthily steal client and financial information.
“Network appliances, particularly switches, are often not monitored, and their logs are routinely not forwarded to a centralized logging system,” Sygnia said. “This deficiency of monitoring results in considerable problems in determining and investigating destructive activities.”
The enhancement will come as danger actors are exploiting a critical vulnerability influencing D-Connection DIR-859 Wi-Fi routers (CVE-2024-0769, CVSS rating: 9.8) – a route traversal issue primary to info disclosure – to obtain account information this sort of as names, passwords, groups, and descriptions for all users.
“The exploit’s versions […] allow the extraction of account particulars from the system,” risk intelligence firm GreyNoise claimed. “The product is Close-of-Lifestyle, so it would not be patched, posing extended-expression exploitation risks. A number of XML files can be invoked making use of the vulnerability.”
Identified this article intriguing? Abide by us on Twitter and LinkedIn to go through additional unique content we put up.
Some components of this report are sourced from:
thehackernews.com