In April 2024, the China-linked APT group Velvet Ant exploited the zero-day vulnerability CVE-2024-20399 in Cisco switches to deploy custom malware, gaining control over the network devices. Attackers with valid administrator credentials executed commands as root, bypassing security measures and installing the 'VELVETSHELL' malware for persistent access and espionage. The malware provided capabilities for command execution, file management, and creating traffic tunnels, compromising the integrity of Cisco's network infrastructure and potentially leading to data exfiltration.
Source: https://securityaffairs.com/167423/apt/china-velvet-ant-zero-day-cisco-switches.html
"id": "cis000082424",
"linkid": "cisco",
"type": "Vulnerability",
"date": "8/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"