CVE-2024-20399
Cisco NX-OS Software CLI Command Injection Vulnerability
In short
A flaw in Cisco NX-OS command-line interface allows administrators to inject malicious commands that execute with root privileges. An attacker with admin credentials can bypass input validation to gain complete control of the device's underlying operating system.
Technical detail
Command injection vulnerability in Cisco NX-OS CLI due to insufficient argument validation. An authenticated attacker with Administrator credentials can inject crafted input into specific configuration commands to execute arbitrary OS-level commands as root. Exploitation requires administrative access; some Nexus models (3000, 7000 v8.1+, 9000 standalone) are unaffected as they already permit administrative bash-shell access.
Summary generated and translated by AI from the official description.
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.
Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges:
Nexus 3000 Series Switches
Nexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later
Nexus 9000 Series Switches in standalone NX-OS mode
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
Cisco · Cisco NX-OS Softwarepublic PoCs found — 1
githubgithub.com/HORKimhab/CVE-2024-20399★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOPhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20399https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/