.webp)
Cisco immediately responded with software updates to mitigate the problem, insisting there was no practical fix to the problem.
A critical zero-day vulnerability, CVE-2024-20399, affecting Cisco NX-OS software used in Nexus-series switches, has been revealed in a recent security alert by Cisco and cybersecurity firm Sygnia. This allows unauthorized access to compromised devices and has been detected during a forensic investigation linked to state-backed hackers known as Velvet Ant.
Amnon Kushir, research manager at Sygnia, reported that threat actors used employee credentials to infiltrate networks and deploy customized malware that allowed remote access and malicious code execution. The hackers exploited the vulnerability to control the affected devices. Cisco immediately responded with software updates to mitigate the problem, insisting there was no practical fix to the problem. Their Product Security Incident Response Team (PSIRT) discovered the attempted exploitation of the vulnerability back in April. Although Cisco Nexus switches are primarily used in secure enterprises such as data centers, Sygnia warned that many devices still lack adequate security. Kushir emphasized the attackers' adeptness at breaching networks, highlighting Velvet Ant's goal of maintaining persistent surveillance within target networks.
This incident highlights the ongoing threats posed by state-backed cyber groups targeting critical infrastructure. Organizations are urged to quickly deploy Cisco’s updates and upgrade security measures to protect against similar incidents.
.webp)
