just in time to celebrate infosec.exchange returning, Cisco zero day: Cisco NX-OS Software CLI Command Injection Vulnerability
CVE-2024-20399 (6.0 medium) A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.
In April 2024, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.
The top U.S. #intelligence ofcl on Mon warned that the #war in #Gaza could embolden #terrorist groups, which are aligned in their opposition to the #UnitedStates for its support of #Israel.
“The crisis has galvanized #violence by a range of actors around the world. And while it is too early to tell, it is likely that the Gaza conflict will have a generational impact on #terrorism,” #ODNI #AvrilHaines told an annual hearing on #GlobalSecurity #threats.