Cisco Nexus switches targeted by large-scale Chinese malware campaign

Chinese threat actors have been found abusing a zero-day vulnerability in certain Cisco switches to take over the devices and install malware.

The findings come courtesy of Sygnia, which recently uncovered a new malicious campaign apparently undertaken by a Chinese state-sponsored threat actor known as Velvet Ant.

“The threat actors gathered administrator-level credentials to gain access to Cisco Nexus switches and deploy a previously unknown custom malware that allowed them to remotely connect to compromised devices, upload additional files and execute malicious code,” Amnon Kushnir, Director of Incident Response at Sygnia, told BleepingComputer.

The vulnerability has since been patched, so if you’re using any of the below-mentioned models, make sure to apply the fix immediately.

The vulnerability is tracked as CVE-2024-20399 and, according to Cisco, can be abused by local attackers with admin privileges. It grants them the ability to run arbitrary commands with root permissions on NX-OS, the operating system powering the switches.

“This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command,” Cisco said.

Here is the full list of vulnerable endpoints:

MDS 9000 Series Multilayer Switches

Nexus 3000 Series Switches

Nexus 5500 Platform Switches

Nexus 5600 Platform Switches

Nexus 6000 Series Switches

Nexus 7000 Series Switches

Nexus 9000 Series Switches in standalone NX-OS mode

Besides being able to run arbitrary commands with root privileges, the vulnerability also allows the attackers to stay hidden while doing so, since it doesn’t trigger system syslog messages, it was said.

To look for signs of compromise, Cisco advises network administrators to keep track, and update, the login credentials of network-admin and vdc-admin users. Ultimately, they can use the Cisco Software Checker page to see if any of their devices are vulnerable.

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/YbizeHRMkF5QLe6eeYypqc-1200-80.jpg

Source link

Popular VPNs have just disappeared from the Apple App Store in Russia

Nothing’s new budget smartwatch has a great design feature you won’t find on an Apple or Galaxy Watch

Does your turntable need a USB port? Here’s why it does (or doesn’t) matter

Which Is Better for Your Team?

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Bond yields up stocks down? By Investing.com

Civics are becoming a 21st-century business skill

Investor demand returns to bitcoin despite stagnant price, data shows

Transaction in Own Shares By Investing.com

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Cisco Nexus switches targeted by large-scale Chinese malware campaign

Popular VPNs have just disappeared from the Apple App Store in Russia

Bond yields up stocks down? By Investing.com

Nothing’s new budget smartwatch has a great design feature you won’t find on an Apple or Galaxy Watch

Civics are becoming a 21st-century business skill

Leave a reply Cancel reply