CLI in NX-OS software contains a command injection vulnerability CVE-2024-20399 that is being exploited in the wild

Threat ID:CC-4519

Threat Severity:Medium

Published:2 July 2024 2:11 PM

Summary

Affected platforms

The following platforms are known to be affected:

Cisco Nexus Switches

Nexus 3000 Series Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Nexus 9000 Series Switches in standalone NX-OS mode

Cisco MDS Multi-layer Switches

MDS 9000 Series Multilayer Switches

Threat details

Cisco Software Checker

Cisco have advocated the use of their Cisco Software Checker to search for Cisco Security Advisories that apply to specific software releases of the following products: Cisco ASA, FMC, FTD, FXOS, IOS, IOS XE, NX-OS and NX-OS in ACI Mode.

Introduction

Cisco has released a security advisory for a vulnerability in the command line interface (CLI) of the NX-OS software in Nexus series switches, which are modular and fixed port network switches designed for data centres. The command injection vulnerability known as CVE-2024-20399 has a CVSSv3 score of 6.0 and is rated at Medium by Cisco.

An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command, leading to arbitrary command execution on the underlying operating system with the privileges of root. This vulnerability is being exploited in the wild.

Exploitation of CVE-2024-20399 in the wild

Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in April 2024.

Remediation advice

Affected organisations are encouraged to read the Cisco Security Advisory cisco-sa-nxos-cmd-injection-xD9OhyOP and apply relevant security updates.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished

CVE-2024-20399A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.

Last edited: 2 July 2024 2:11 pm