just in time to celebrate infosec.exchange returning, Cisco zero day: Cisco NX-OS Software CLI Command Injection Vulnerability
CVE-2024-20399 (6.0 medium) A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.
In April 2024, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.
A 2nd #Trump admin could #weaponize existing government agencies to dismantle democracy itself.
This article is part of “Project 2025: The Plot Against #America,” a Nation special issue devoted to unpacking the right’s vast & chilling program for a 2nd Trump term.
In the section on the #DHS …there’s a plan to eliminate the ability of the agency that monitors #ElectionSecurity to prevent the spread of #disinformation about voting & #vote counting.
…Think back to Nov 2020, when #Trump was developing his #BigLie about the #election he’d lost. Trump’s false assertion the election had been characterized by “massive improprieties & fraud” was tripped up by #ChrisKrebs, who served as dir of the #Cybersecurity & Infrastructure #Security Agency (#CISA) in the DHS.
In Mandate’s chapter on the #DHS, Ken Cuccinelli writes, “Of the utmost urgency is immediately ending CISA’s counter-mis / #disinformation efforts. … #Project2025 document declares that “the entirety of the #CISA#Cybersecurity Advisory Committee should be dismissed on Day One.”
…This is just one way that Project 2025’s cabal of “experts” is scheming to thwart honest discourse about #elections & #democracy.
CERT-EU warns of an exploited zero-day for Palo Alto Networks: CVE-2024-3400 (10.0 critical, disclosed 12 April 2024) command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. Affected versions are PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1. This zero-day is NOT patched yet, and hotfix releases will be made available starting 14 April 2024. 🔗 https://cert.europa.eu/publications/security-advisories/2024-037/ and original Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2024-3400
@GottaLaff@JaneDoeTheFirst 1) I really don’t like to hear people talk at all about rigging or stealing the elections. That constant mantra that tfg, bannon, stone, started with ‘stop the steal’ in ‘16 & ‘20 played a big part in the insurrection because people listen to pundits and not the 65 cases that were brought by attorneys and denied by judges, indicating that the election was free, fair legitimate. They didn’t listen to Chris Krebs with #CISA