China-Linked Cyber Espionage Group Velvet Ant Exploits Zero-Day Flaw in Cisco NX-OS Software
July 2, 2024 – Velvet Ant, a China-nexus cyber espionage group, has been observed exploiting a zero-day vulnerability in Cisco NX-OS Software, which runs on Cisco's network switches. The flaw, tracked as CVE-2024-20399, has a CVSS score of 6.0 and is a command injection issue that enables an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. It stems from insufficient validation of arguments passed to specific configuration CLI commands, which allows an adversary to include crafted input as an argument to an affected command. Cisco's security team indicated that the vulnerability’s severity is mitigated by the requirement for the attacker to already possess administrator credentials and access to specific configuration commands. Sygnia, a cybersecurity firm, disclosed that Velvet Ant successfully leveraged this flaw to deploy custom malware, allowing the ...