Attack

Cisco patches an NX-OS flaw used in attempted exploitation

Take action: This is more of an awareness advisory than an active attack. Yes, there is a real flaw that needs to be patched, but the exploit is a long shot. Communicate the exploit possibility to your administrators and plan for a regular update cycle. But insist on overall good hygiene, both in local device protection and patching, secure credential use and phishing awareness, because that is how attackers will get the foothold they need to exploit this flaw.


Learn More

Cisco has released a patch for a vulnerability in the Command Line Interface (CLI) of its NX-OS Software, currently seeing attempted exploitation in the wild.

The flaw, tracked as CVE-2024-20399 (CVSS score: 6.0), allows an authenticated, local attacker with administrator credentials to execute arbitrary commands as root on affected devices.

The root cause of the vulnerability is insufficient validation of arguments passed to specific configuration CLI commands. An attacker can exploit this flaw by providing specially crafted input as an argument, gaining root privileges on the underlying operating system and enabling the execution of arbitrary commands.
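The vulnerability class described above (a privileged CLI command that forwards an insufficiently validated argument to the underlying operating system) is easier to reason about with a small illustration. The following is an added example and is not Cisco code; the ping-style command, the hostname allowlist and the function names are assumptions made for this demonstration. It places the weak pattern (string concatenation into a shell command line) beside the hardened one (allowlist validation plus an argv list that no shell re-parses).

```python
import re
import shlex

# Constructed illustration of the vulnerability class: a CLI handler that
# hands a user-supplied argument to the OS shell. Not Cisco code; the
# command, argument names and validation rule are assumptions.

# Allowlist for a hostname argument: letters, digits, dots and hyphens only,
# never starting or ending with a separator (this also blocks a leading '-'
# that could otherwise be read as a command option).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def build_command_unsafe(target: str) -> str:
    """'Before' pattern: concatenate the argument into a shell command line.

    Any shell metacharacter in `target` (;, |, $(...), backticks) becomes part
    of what the shell interprets, so an argument to a privileged CLI command
    turns into arbitrary command execution with that command's privileges.
    """
    return "ping -c 1 " + target


def validate_hostname(target: str) -> str:
    """Allowlist check: accept only characters a hostname may contain."""
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"rejected CLI argument: {target!r}")
    return target


def build_command_safe(target: str) -> list:
    """Hardened pattern: validate against the allowlist and return an argv list.

    An argv list is executed without a shell, so even a character that slipped
    past validation could not start a second command.
    """
    return ["ping", "-c", "1", validate_hostname(target)]


def shell_metachars_present(cmdline: str) -> bool:
    """Would a shell treat any character in this command line specially?"""
    return any(c in cmdline for c in ";|&`$><\n")


if __name__ == "__main__":
    benign = "switch-mgmt.example.net"              # constructed sample input
    crafted = "example.net; echo injected"          # constructed sample input
    print(build_command_unsafe(benign))
    print(build_command_unsafe(crafted))            # a shell would run two commands here
    print(shlex.join(build_command_safe(benign)))
    try:
        build_command_safe(crafted)
    except ValueError as err:
        print("hardened handler:", err)
```

The two defences are independent: the allowlist rejects the crafted argument outright, and the argv list means the command is executed without a shell even when the allowlist is later loosened. Either one alone would have broken the pattern the advisory describes; together they give defence in depth for any CLI argument that ends up in a privileged process.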

Exploitation is far from trivial: an attacker must first obtain administrator credentials for an NX-OS device, or gain access to a system from which an administrator logs in with those credentials, and neither is easy. A flaw like this is mainly useful to state-sponsored outfits that can precisely target an individual.

The following Cisco products are affected if running a vulnerable release of Cisco NX-OS Software:

  • MDS 9000 Series Multilayer Switches
  • Nexus 3000 Series Switches
  • Nexus 5500 Platform Switches
  • Nexus 5600 Platform Switches
  • Nexus 6000 Series Switches
  • Nexus 7000 Series Switches
  • Nexus 9000 Series Switches (in standalone NX-OS mode)

Certain models within the Nexus 3000 and Nexus 9000 series, specifically the N3K-C3264C-E and N9K-C92348GC-X, are not affected if they are running Cisco NX-OS Software releases 9.3(5) and later, with further updates required to versions 10.4.3 and later.

Cisco has released software updates to address this vulnerability and advises administrators to apply these updates. No workarounds are available for this issue.
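Turning the version guidance above into an inventory check means parsing NX-OS release strings, which appear both as "9.3(5)" and as dotted "10.4.3". The following is an added example, not Cisco tooling: it parses both forms, compares a device's running release with the minimum fixed release for its model, and flags anything it cannot classify. Only the 9.3(5) threshold for the two models named above comes from this article; the third model entry, the hostnames and the sample inventory are constructed placeholders, and real thresholds for every other platform must be taken from Cisco's advisory.

```python
import re

# Added example (not Cisco code): a small inventory check that parses NX-OS
# release strings and compares each device's running release with the
# minimum fixed release for its model.

# Accepts "9.3(5)", "10.4.3" and letter rebuilds such as "9.3(5a)".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)[.(](\d+)([A-Za-z]*)\)?$")


def parse_nxos_version(release: str) -> tuple:
    """Turn a release string into a comparable (major, minor, maint, suffix) tuple.

    The suffix is the letter rebuild marker; it sorts alphabetically after the
    numeric fields, so 9.3(5a) ranks above 9.3(5).
    """
    m = VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised NX-OS release string: {release!r}")
    major, minor, maint, suffix = m.groups()
    return (int(major), int(minor), int(maint), suffix.lower())


def meets_minimum(running: str, minimum: str) -> bool:
    """True when `running` is the same as or newer than `minimum`."""
    return parse_nxos_version(running) >= parse_nxos_version(minimum)


# Minimum fixed release per model. The first two entries are the values the
# article quotes for those models; the PLACEHOLDER entry is constructed and
# must be replaced from Cisco's advisory before real use.
MIN_FIXED_RELEASE = {
    "N3K-C3264C-E": "9.3(5)",
    "N9K-C92348GC-X": "9.3(5)",
    "N9K-EXAMPLE-MODEL": "PLACEHOLDER-SEE-ADVISORY",
}


def audit(inventory: list) -> list:
    """Return (hostname, model, release, status) for each (hostname, model, release).

    Status is 'fixed', 'VULNERABLE', or 'unknown' when the model has no usable
    threshold or the release string cannot be parsed; 'unknown' is deliberately
    not treated as safe.
    """
    results = []
    for host, model, release in inventory:
        minimum = MIN_FIXED_RELEASE.get(model)
        try:
            if minimum is None:
                status = "unknown"
            else:
                status = "fixed" if meets_minimum(release, minimum) else "VULNERABLE"
        except ValueError:
            status = "unknown"
        results.append((host, model, release, status))
    return results


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and releases are made up).
    sample = [
        ("dc1-leaf-01", "N3K-C3264C-E", "9.3(5)"),
        ("dc1-leaf-02", "N3K-C3264C-E", "9.2(4)"),
        ("dc1-spine-01", "N9K-C92348GC-X", "10.4(3)"),
        ("dc2-spine-01", "N9K-EXAMPLE-MODEL", "10.2(3)"),
    ]
    for row in audit(sample):
        print(*row)
```

Because no workaround exists, a device that reports "unknown" deserves the same follow-up as one reported "VULNERABLE": either the model's threshold is missing from the table or the release string did not parse, and both are gaps in the patch plan rather than evidence of safety.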
