PT-2024-4435 · Cisco · Cisco Nx-Os

Published: 2024-07-01 · Updated: 2026-06-13 · CVE-2024-20399

CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software versions prior to the fixed version
Description: A vulnerability in the Command Line Interface (CLI) of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. The vulnerability has been exploited by the China-linked threat group Velvet Ant to gain control of affected devices and evade detection.
Recommendations: To resolve the issue, apply the software updates released by Cisco that address this vulnerability. There are no workarounds that address this vulnerability. Restrict administrative access and use centralized authentication, authorization, and accounting (AAA) for user management. Regularly change administrator credentials and check devices for signs of exploitation.

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2024-04937
CVE-2024-20399

Affected Products

Cisco Nx-Os
Cisco Nexus