No rest for the wiry as Cisco Nexus switches flip out over latest zero-day

Cisco switch owners should probably apply the patch that just dropped for a vulnerability that was exploited in April as a zero-day to install malware on an array of its Nexus switches. On paper, CVE-2024-20399 doesn't seem like the worst thing in the world. It is a command injection bug, typically a serious issue, but it has …

  1. Yorick Hunt Silver badge

    "Cisco switch owners should probably... "

    ... Ditch the boat-anchor-shaped colanders and replace them with something - anything - else.

    1. pc-fluesterer.info

      Not 'anything' but only FOSS!

      https://forums.theregister.com/post/4890470

  2. sanmigueelbeer

    To successfully exploit this vulnerability an attacker must have Administrator credentials

    Velvet Ant was able to exploit it as a zero-day in April and use it to drop some remote access malware onto the switch,

    What is the patch for? What is the patch for if the proverbial have already launched off the gate?

    If Velvet Ant was able to employ this bug and, according to Cisco, "an attacker must have Administrator credentials" then applying the patch is futile since the intruders have already gone past the gates.

  3. Mike 137 Silver badge

    "This vulnerability is due to insufficient validation of arguments ..."

    Again and again and again, the same lack of attention to basic security. Getting it right should not be hard. Particularly in the context of an appliance CLI (which by definition has a limited and quite explicit range of acceptable user input) it's bizarre, and indeed inexcusable, that validation is not performed adequately.

    1. Anonymous Coward

      Re: "This vulnerability is due to insufficient validation of arguments ..."

      .. but, but, but this is sold as US approved "safe". Much safer than Huawei which is still the only one who actually had its code properly examined and was found clean!

      Strikes me thus as the perfect companion to a Microsoft infrastructure...

  4. sanmigueelbeer
