Cisco patches actively exploited zero-day flaw in Nexus switches

Cisco has released patches for several series of Nexus switches to fix a vulnerability that could allow attackers to hide the execution of bash commands on the underlying operating system.

Although the flaw is rated with moderate severity because it requires administrative credentials to exploit, it has been exploited in the wild since April, showing that attackers don’t target just critical or high-risk flaws.

Tracked as CVE-2024-20399, the flaw is caused by insufficient validation of arguments passed …

actively exploited attackers bash bugs cisco cisco patches commands credentials exploit exploited fix flaw hide network security nexus operating system patches series severity switches system threat and vulnerability management vulnerabilities vulnerability zero-day zero-day flaw zero-day vulnerability