Cisco has launched patches for a number of sequence of Nexus switches to repair a vulnerability that might enable attackers to cover the execution of bash instructions on the underlying working system.
Though the flaw is rated with average severity as a result of it requires administrative credentials to use, it has been exploited within the wild since April, exhibiting that attackers don’t goal simply crucial or high-risk flaws.
Tracked as CVE-2024-20399, the flaw is attributable to inadequate validation of arguments handed with configuration instructions to the command line interface of NX-OS software program that powers varied sequence of Cisco switches: MDS 9000 Sequence Multilayer Switches, Nexus 3000 Sequence Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Sequence Switches, Nexus 7000 Sequence Switches and Nexus 9000 Sequence Switches in standalone NX-OS mode.
