Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)

Cisco has released patches to address a zero-day vulnerability exploited in April. Tracked as CVE-2024-20399, the vulnerability impacts Cisco NX-OS Software. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system with root privileges. Cybersecurity firm Sygnia reported the vulnerability to Cisco along with the information about …

Cisco NX-OS IP-in-IP Information Disclosure vulnerability (CVE-2020-10136)

Summary: Products from multiple vendors, such as Cisco, Digi, HP and others, were reported to be vulnerable to an IP-in-IP packet processing vulnerability. CVE-2020-10136 and CWE-19 were assigned to this vulnerability. Here we share some information about it for Cisco NX-OS devices. Description: Authentication is the primary requirement to access this vulnerability. An unauthenticated attacker …