A China-linked cyberespionage threat actor known as “Velvet Ant” is now targeting a medium-severity zero-day vulnerability found in the NX-OS network operating system made by IT and networking firm Cisco Systems.
“An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root,” Cisco’s security advisory reads.
“Cisco has released software updates for certain Cisco NX-OS hardware platforms and will continue to release fixes as they become available. There are no workarounds that address this vulnerability,” the company warned.