Cisco NX-OS Software CLI Command Injection Vulnerability - 20240702002
Overview
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note that, per the Cisco advisory, exploitation requires valid administrator credentials on the device: the practical exposure is therefore compromised or misused administrative accounts, which then gain a root shell on the switch rather than the restricted NX-OS CLI.
What is vulnerable?
Product(s) Affected | CVE | Severity | CVSS |
---|---|---|---|
MDS 9000 Series Multilayer Switches (CSCwj97007) | CVE-2024-20399 | Medium | 6.0 |
Nexus 3000 Series Switches (CSCwj97009) | CVE-2024-20399 | Medium | 6.0 |
Nexus 5500 Platform Switches (CSCwj97011) | CVE-2024-20399 | Medium | 6.0 |
Nexus 5600 Platform Switches (CSCwj97011) | CVE-2024-20399 | Medium | 6.0 |
Nexus 6000 Series Switches (CSCwj97011) | CVE-2024-20399 | Medium | 6.0 |
Nexus 7000 Series Switches (CSCwj94682) | CVE-2024-20399 | Medium | 6.0 |
Nexus 9000 Series Switches in standalone NX-OS mode (CSCwj97009) | CVE-2024-20399 | Medium | 6.0 |
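To scope a fleet against the product table above, the following is an added example (not part of the WA SOC advisory or any Cisco tooling) that parses the platform and release out of NX-OS `show version` output and reports which devices fall into an affected product family. The `show version` layout it expects, the sample outputs, the hostnames and the regexes are assumptions constructed for the example; it only decides whether a device is in scope, and the running release must still be compared against the fixed releases in the Cisco advisory.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Affected product families from the table above, keyed by (product line, leading
# digits of the chassis model number). Two-digit keys separate the Nexus 5500 and
# 5600 platforms; the original Nexus 5000 (50xx) is deliberately absent.
AFFECTED_FAMILIES = {
    ("MDS", "9"): "MDS 9000 Series Multilayer Switches",
    ("NEXUS", "3"): "Nexus 3000 Series Switches",
    ("NEXUS", "55"): "Nexus 5500 Platform Switches",
    ("NEXUS", "56"): "Nexus 5600 Platform Switches",
    ("NEXUS", "6"): "Nexus 6000 Series Switches",
    ("NEXUS", "7"): "Nexus 7000 Series Switches",
    ("NEXUS", "9"): "Nexus 9000 Series Switches in standalone NX-OS mode",
}

# Assumed "show version" layout (constructed from the common NX-OS format; field
# names vary between releases): a Hardware line such as
# "  cisco Nexus9000 C93180YC-EX Chassis" and a version line such as
# "  NXOS: version 9.3(10)" or, on older trains, "  system:    version 8.4(7)".
HW_RE = re.compile(r"^\s*cisco\s+(Nexus|MDS)\s*(\d{4})", re.I | re.M)
VER_RE = re.compile(r"^\s*(?:NXOS|system):\s*version\s+(\S+)", re.I | re.M)


@dataclass
class DeviceTriage:
    hostname: str
    product: Optional[str]   # "Nexus" or "MDS", None if not recognised
    model: Optional[str]     # four-digit chassis model, e.g. "9000", "5548"
    version: Optional[str]   # running NX-OS release string, for the vendor check
    family: Optional[str]    # matching row of the affected-products table

    @property
    def in_scope(self) -> bool:
        return self.family is not None


def affected_family(product: str, model: str) -> Optional[str]:
    """Map a chassis model to the table's product family, or None if unlisted."""
    for prefix in (model[:2], model[:1]):
        family = AFFECTED_FAMILIES.get((product.upper(), prefix))
        if family:
            return family
    return None


def triage(hostname: str, show_version: str) -> DeviceTriage:
    """Classify one device's 'show version' output against the affected list.

    Scopes the device to a product family only; whether the running release is
    fixed must be checked against the Cisco advisory. Do not feed in output from
    Nexus 9000 switches in ACI mode, since the table covers standalone NX-OS only.
    """
    hw = HW_RE.search(show_version)
    ver = VER_RE.search(show_version)
    product = hw.group(1) if hw else None
    model = hw.group(2) if hw else None
    family = affected_family(product, model) if hw else None
    return DeviceTriage(hostname, product, model, ver.group(1) if ver else None, family)


def scope_fleet(outputs: dict) -> list:
    """Return the hostnames whose platform appears in the affected table."""
    return [host for host, text in outputs.items() if triage(host, text).in_scope]


# Constructed sample outputs, abbreviated to the lines the parser needs.
SAMPLE_N9K = """Cisco Nexus Operating System (NX-OS) Software
Software
  BIOS: version 07.69
  NXOS: version 9.3(10)
Hardware
  cisco Nexus9000 C93180YC-EX Chassis
"""
SAMPLE_N7K = """Software
  system:    version 8.4(7)
Hardware
  cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor Module-2")
"""
SAMPLE_MDS = """Software
  system:    version 9.3(2)
Hardware
  cisco MDS 9710 (10 Slot) Chassis ("Supervisor Module-3")
"""
SAMPLE_N5K_OLD = """Software
  system:    version 5.2(1)N1(9)
Hardware
  cisco Nexus5010 Chassis ("20x10GE/Supervisor")
"""

if __name__ == "__main__":
    fleet = {"n9k-core-1": SAMPLE_N9K, "n7k-dc-1": SAMPLE_N7K,
             "mds-san-a": SAMPLE_MDS, "n5k-legacy": SAMPLE_N5K_OLD}
    for host, text in fleet.items():
        print(triage(host, text))
    print("in scope:", scope_fleet(fleet))
```

The hostnames that come back from `scope_fleet` are the ones to run through the fixed-release check in the Cisco advisory; a device that parses with `product` of None has an unexpected `show version` layout and should be reviewed by hand rather than assumed out of scope.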
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Since the publication of this advisory, this item has been added to the CISA Known Exploited Vulnerability catalog.
Recommendation
The WA SOC recommends administrators apply the fixes as per vendor instructions to all affected devices within the expected timeframe of 48 hours (refer to Patch Management). Because exploitation requires administrator credentials, administrators should also review the use of those credentials on affected devices while fixes are being applied:
- Cisco advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP
Additional References
- CISA Known Exploited Vulnerability Catalogue: https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-adds-one-known-exploited-vulnerability-catalog
- Tenable article: https://www.tenable.com/plugins/nessus/132414