CVE-2024-20399
📋 TL;DR
This vulnerability allows authenticated users with Administrator credentials to execute arbitrary commands as root on Cisco NX-OS devices through command injection in specific CLI commands. It affects Cisco NX-OS Software on various Nexus switches. Attackers need valid admin credentials to exploit this vulnerability.
💻 Affected Systems
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 7000 Series Switches
- Cisco Nexus 9000 Series Switches
📦 What is this software?
NX-OS by Cisco
⚠️ Risk & Real-World Impact
Worst Case
Full root-level compromise of affected network devices, allowing complete control, data exfiltration, network pivoting, and persistent backdoor installation.
Likely Case
Privileged attackers with stolen or compromised admin credentials gain root access to execute commands, potentially disrupting network operations or stealing sensitive configuration data.
If Mitigated
With proper credential protection and network segmentation, impact is limited to authorized administrators who already have significant device access.
🎯 Exploit Status
Exploitation requires valid Administrator credentials. The vulnerability has been exploited in the wild by threat actors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Cisco advisory for fixed releases specific to each product
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP
Restart Required: Yes
Instructions:
1. Review the Cisco advisory for affected versions.
2. Download and install the appropriate fixed software release.
3. Reload the device to apply the update.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Restrict Administrative Access
Limit administrative access to trusted sources using access control lists and strong authentication
Monitor Administrative Sessions
Implement logging and monitoring of administrative CLI sessions for suspicious activity
🧯 If You Can't Patch
- Implement strict access controls and multi-factor authentication for administrative accounts
- Segment network to limit lateral movement from compromised devices
🔍 How to Verify
Check if Vulnerable:
Check Cisco advisory for affected versions and compare with your device's NX-OS version
Check Version:
show version | include nxos
Verify Fix Applied:
Verify installed software version matches fixed release from Cisco advisory
📡 Detection & Monitoring
Log Indicators:
- Unusual CLI command patterns
- Multiple failed authentication attempts followed by successful admin login
- Execution of unexpected system commands
Network Indicators:
- Unexpected outbound connections from network devices
- Anomalous traffic patterns from management interfaces
SIEM Query:
Search for: 'admin login success' followed by 'CLI command execution' within a short time window
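The correlation described under Log Indicators and SIEM Query, written out as an added example (not from Cisco or from this page's source). The event format, device and user names, thresholds and the command baseline are assumptions constructed for illustration; map the fields to whatever your AAA/accounting log export actually provides.

```python
from datetime import datetime, timedelta

# Constructed, normalized events (NOT real NX-OS syslog/accounting format):
# timestamp, device, user, event kind, detail
SAMPLE_EVENTS = """\
2024-07-02T10:00:01 sw-core-1 admin auth_fail -
2024-07-02T10:00:04 sw-core-1 admin auth_fail -
2024-07-02T10:00:09 sw-core-1 admin auth_fail -
2024-07-02T10:00:15 sw-core-1 admin auth_ok -
2024-07-02T10:00:40 sw-core-1 admin cli show version
2024-07-02T10:01:05 sw-core-1 admin cli <command outside baseline>
2024-07-02T11:30:00 sw-edge-2 netops auth_ok -
2024-07-02T11:30:20 sw-edge-2 netops cli show interface brief
"""

# Assumed allowlist of commands expected from administrators (site-specific).
BASELINE = {"show version", "show interface brief"}

def parse(text):
    """Yield (timestamp, device, user, kind, detail) from normalized lines."""
    for line in text.splitlines():
        ts, device, user, kind, detail = line.split(" ", 4)
        yield datetime.fromisoformat(ts), device, user, kind, detail

def correlate(text, fail_threshold=3, fail_window=timedelta(minutes=5),
              cmd_window=timedelta(minutes=2)):
    """Return alerts as (rule, device, user, detail) tuples."""
    fails, flagged_login, alerts = {}, {}, []
    for ts, device, user, kind, detail in sorted(parse(text)):
        key = (device, user)
        if kind == "auth_fail":
            fails.setdefault(key, []).append(ts)
        elif kind == "auth_ok":
            # Failures shortly before a success: possible guessed or stolen credentials.
            recent = [t for t in fails.pop(key, []) if ts - t <= fail_window]
            if len(recent) >= fail_threshold:
                flagged_login[key] = ts
                alerts.append(("fails_then_login", device, user, f"{len(recent)} failures"))
        elif kind == "cli" and detail not in BASELINE:
            # Unexpected command; escalate if it closely follows a flagged login.
            login = flagged_login.get(key)
            soon = login is not None and ts - login <= cmd_window
            rule = "unexpected_cmd_after_flagged_login" if soon else "unexpected_cmd"
            alerts.append((rule, device, user, detail))
    return alerts
```

Alerting only on a successful login followed by any command would fire on every administrative session, so the example keys on the failed-then-successful login and on commands outside the baseline.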
🔗 References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP
- https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20399