Active Exploitation of Vulnerability in Cisco NX-OS Software

Published on 02 Jul 2024

Cisco has released security updates to address a vulnerability (CVE-2024-20399) in their Cisco NX-OS Software. The vulnerability is reportedly being actively exploited.

 Successful exploitation of the vulnerability could allow an authenticated, local attacker with Administrator credentials to execute arbitrary commands on the underlying operating system with the privileges of root.

 This vulnerability affects Cisco switches running vulnerable releases of their NX-OS software:

  • MDS 9000 Series Multilayer Switches
  • Nexus 3000 Series Switches
  • Nexus 5500 Platform Switches
  • Nexus 5600 Platform Switches
  • Nexus 6000 Series Switches
  • Nexus 7000 Series Switches
  • Nexus 9000 Series Switches in standalone NX-OS mode

 Users and administrators of affected product versions are advised to update to the latest version immediately. 

 Administrators can use the Cisco Software Checker page to determine whether devices on their network are exposed to attacks targetting the vulnerability:   https://sec.cloudapps.cisco.com/security/center/softwarechecker.x 

Additionally, administrators are also advised to monitor and change the credentials of network-admin and vdc-admin administrative users regularly.

More information is available here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP