A critical zero-day vulnerability, known as CVE-2024-20399, exists in the Command Line Interface (CLI) of Cisco NX-OS Software. This flaw allows attackers to run arbitrary commands as root on affected devices, posing a severe risk to network security, especially for those using Cisco's Nexus and MDS series switches. The issue stems from inadequate validation of arguments given to specific CLI commands. An attacker with admin rights can exploit this by inputting specially crafted arguments during a CLI command, gaining root access and the ability to execute any commands.
The Cisco Product Security Incident Response Team (PSIRT) discovered this vulnerability being actively exploited in April 2024, linking the attacks to a Chinese state-sponsored group called Velvet Ant. This group deployed malware through the flaw, enabling remote control, file uploads, and hidden malicious activities. Cisco has issued software updates to fix this issue, but there are no temporary solutions. It's crucial for administrators to install these updates immediately and frequently update admin passwords to reduce risks. Cisco offers a Software Checker tool to help identify affected software and the necessary updates. Organizations using affected Cisco products should prioritize patching and closely watch their networks for suspicious activity.
https://sec.cloudapps.cisco.com/security/center/softwarechecker.x
#cybersecurity #cisco #vulnerability #zeroday #cve #cli #nxos #nexus #mds #switch #root #psirt #velvetant #software #patch #update
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP
@chrysn The company that sells the device to me should make sure the software components are maintained. "Ask your CPU manufacturer" can't be the answer the customer gets.
Firmware bugs and vulnerabilities "may not be critical," but they just as well may be. And the #PSIRT has to check that and take measures accordingly. If they just answer "we don't care about that product anymore," then I, as the owner, want to know that.
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurat...
Hot take for anyone who characterizes the lack of NIST-produced CVSS scores in the NVD as "flying blind" in vulnerability risk management practice: those scores were never intended to be the sole indicator of "risk." By definition they don't represent "risk" in any practical way.