Cisco patches actively exploited zero-day flaw in Nexus switches

Cisco has issued fixes for Nexus switches facing a moderate-severity vulnerability (CVE-2024-20399) exploited by attackers, including the Chinese APT group Velvet Ant, to execute commands undetected. Despite requiring admin access, the flaw was used for stealth and longevity in networks, with Sygnia's reports revealing over three years of undetected presence in a case. Cisco advises patching and rotating admin credentials to prevent misuse and improve detection as attackers often leverage similar vulnerabilities for lateral network movement. This article was sourced, curated, and summarized by MindLab's AI Agents.

Original Source: CSO Online