Cisco Systems has released a security advisory detailing a vulnerability in its NX-OS Software that affects multiple switch product lines. The vulnerability, identified as CVE-2024-20399 allows an authenticated local attacker with administrator credentials to execute arbitrary commands as root on the underlying operating system of affected devices.
Affected Products:
MDS 9000 Series Multilayer Switches
Nexus 3000 Series Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Nexus 9000 Series Switches in standalone NX-OS mode
The vulnerability results from insufficient validation of arguments passed to specific configuration CLI commands. Exploitation requires administrator credentials and access to certain configuration commands.
Impact varies by NX-OS version and switch model:
For Nexus 3000 and 9000 Series running NX-OS releases 9.3(5) and later, the vulnerability's impact is reduced due to the bash-shell feature, with some exceptions for specific models.
Nexus 7000 Series running NX-OS releases 8.1(0) and later are less affected due to the bash-shell feature.
Cisco has released software updates to address this vulnerability. No workarounds are available. The company recommends immediate upgrade to the fixed software versions.
In April 2024, Cisco's Product Security Incident Response Team (PSIRT) reported attempted exploitation of this vulnerability in the wild.
Cisco acknowledges Sygnia for reporting this vulnerability and credits Tristan Van Egroo of the Cisco Advanced Security Initiatives Group (ASIG) for investigating it.
For detailed information, customers are advised to consult the full security advisory available on the Cisco Security Center website.
