Cisco Nexus switches targeted by large-scale Chinese malware campaign

Chinese threat actors have been found abusing a zero-day vulnerability in certain Cisco switches to take over the devices and install malware.

The findings come courtesy of Sygnia, which recently uncovered a new malicious campaign apparently undertaken by a Chinese state-sponsored threat actor known as Velvet Ant.

“The threat actors gathered administrator-level credentials to gain access to Cisco Nexus switches and deploy a previously unknown custom malware that allowed them to remotely connect to compromised devices, upload additional files and execute malicious code,” Amnon Kushnir, Director of Incident Response at Sygnia, told BleepingComputer.

The vulnerability has since been patched, so if you’re using any of the below-mentioned models, make sure to apply the fix immediately.

The vulnerability is tracked as CVE-2024-20399 and, according to Cisco, can be abused by local attackers with admin privileges. It grants them the ability to run arbitrary commands with root permissions on NX-OS, the operating system powering the switches.

“This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command,” Cisco said.

Here is the full list of vulnerable endpoints:

MDS 9000 Series Multilayer Switches

Nexus 3000 Series Switches

Nexus 5500 Platform Switches

Nexus 5600 Platform Switches

Nexus 6000 Series Switches

Nexus 7000 Series Switches

Nexus 9000 Series Switches in standalone NX-OS mode

Besides being able to run arbitrary commands with root privileges, the vulnerability also allows the attackers to stay hidden while doing so, since it doesn’t trigger system syslog messages, it was said.

To look for signs of compromise, Cisco advises network administrators to keep track, and update, the login credentials of network-admin and vdc-admin users. Ultimately, they can use the Cisco Software Checker page to see if any of their devices are vulnerable.

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/YbizeHRMkF5QLe6eeYypqc-1200-80.jpg

Source link

If you want a budget TV, this Amazon Fire 4-Series is hard to beat at its record-low price

What are OpenClaw Skills? A detailed guide

Microsoft deploys yet another emergency patch for Windows 11 — but at least the fix for the broken March update arrived quickly

Samsung’s new 2026 TVs are live, which means you can score record-low prices on existing models — here are 12 deals I’d buy from...

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Zach Cregger Writing Gladys Movie With Zach Shields

‘Weapons’ Prequel ‘Gladys’ Adds Zach Shields to Co-Write With Zach Cregger

Tristan Thompson’s Kids Moms Are “All Friends”

Celebrities we’ve lost in 2026

Jefferies cuts Beyond Meat stock price target on weak sales trends

The quadruple amputee cornholer’s shooting was in self-defense, lawyer says

New Height Energy closes Midland Basin acquisition deal

Tiger Woods says he’ll seek treatment for substance abuse after another DUI arrest

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Cisco Nexus switches targeted by large-scale Chinese malware campaign

If you want a budget TV, this Amazon Fire 4-Series is hard to beat at its record-low price

Zach Cregger Writing Gladys Movie With Zach Shields

Jefferies cuts Beyond Meat stock price target on weak sales trends

‘Weapons’ Prequel ‘Gladys’ Adds Zach Shields to Co-Write With Zach Cregger