The CVE identifier for the Cisco NX-OS software flaw is CVE-2024-20399. It is a command injection vulnerability that allows an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device3.
CVE-2024-20399 represents a command injection vulnerability in the CLI of Cisco NX-OS Software, which allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device14. The vulnerability is due to insufficient validation of arguments passed to specific configuration CLI commands, and an attacker can exploit it by including crafted input as the argument of an affected configuration CLI command1.
The Velvet Ant group exploits the Cisco vulnerability (CVE-2024-20399) by leveraging insufficient validation of arguments passed to specific configuration CLI commands. This allows them to include crafted input as the argument of an affected configuration CLI command, execute arbitrary commands on the underlying operating system with root privileges, and remotely connect to compromised Cisco Nexus devices to upload additional files and execute code14.