- Chinese hackers associated with Velvet Ant are exploiting a zero-day vulnerability (CVE-2024-20399) in Cisco NX-OS Software to deliver malware via Cisco switches.
- The flaw allows authenticated local attackers to execute arbitrary commands as root on affected devices, enabling remote connection, file uploads, and code execution on compromised Cisco Nexus devices.
- The vulnerability arises from insufficient validation of arguments in specific configuration CLI commands, allowing attackers to execute commands without triggering system syslog messages.
- Successful exploitation requires administrator credentials and access to specific configuration commands, impacting various Cisco devices.
- In a separate incident, threat actors are exploiting a critical vulnerability in D-Link DIR-859 Wi-Fi routers (CVE-2024-0769) to gather account information, posing long-term exploitation risks due to the product being End-of-Life.
https://thehackernews.com/2024/07/chinese-hackers-exploiting-cisco.html
Related Video
Published on: October 9, 2023
Description: The cyber-espionage group, known as BlackTech, can modify router firmware undetected and pivot across networks. While the ...
Chinese Spies hacking into Cisco Routers! #cybersecurity #infosec
Related Wikipedia Articles
Topics: No responseResponse
Response may refer to: Call and response (music), musical structure Reaction (disambiguation) Request–response Output or response, the result of telecommunications input Response (liturgy), a line answering a versicle Response (music) or antiphon, a response to a psalm or other part of a religious service Response, a phase in emergency management...
Read more: Response