Published on 02 Jul 2024
Cisco has released security updates to address a vulnerability (CVE-2024-20399) in their Cisco NX-OS Software. The vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerability could allow an authenticated, local attacker with Administrator credentials to execute arbitrary commands on the underlying operating system with the privileges of root.
This vulnerability affects Cisco switches running vulnerable releases of their NX-OS software:
Users and administrators of affected product versions are advised to update to the latest version immediately.
Administrators can use the Cisco Software Checker page to determine whether devices on their network are exposed to attacks targeting the vulnerability: https://sec.cloudapps.cisco.com/security/center/softwarechecker.x
Additionally, administrators are also advised to monitor and change the credentials of network-admin and vdc-admin administrative users regularly.