Cisco NX-OS Python Escapes Sandbox via Unsanitized Input
CVE-2024-20285 Published on August 28, 2024
Cisco NX-OS Software Python Parser Escape Vulnerability
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.
The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.
Note: An attacker must be authenticated with Python execution privileges to exploit this vulnerability. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.
Vulnerability Analysis
CVE-2024-20285 can be exploited with local system access and requires only a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low, with a small impact on confidentiality, integrity and availability.
Weakness Type
What is a Separation of Privilege Vulnerability?
The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions. When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.
CVE-2024-20285 has been classified as a Separation of Privilege vulnerability or weakness.
Products Associated with CVE-2024-20285
Affected Versions
Cisco NX-OS Software:
- Version 7.3(6)N1(1a) is affected.
- Version 8.4(2) is affected.
- Version 7.3(6)N1(1) is affected.
- Version 9.2(3) is affected.
- Version 7.0(3)I5(2) is affected.
- Version 8.2(1) is affected.
- Version 6.0(2)A8(7a) is affected.
- Version 7.0(3)I4(5) is affected.
- Version 6.0(2)A6(1) is affected.
- Version 7.3(1)D1(1) is affected.
- Version 7.0(3)I4(6) is affected.
- Version 7.3(4)N1(1) is affected.
- Version 7.0(3)I4(3) is affected.
- Version 9.2(2v) is affected.
- Version 6.0(2)A6(5b) is affected.
- Version 7.3(0)D1(1) is affected.
- Version 6.2(17a) is affected.
- Version 7.0(3)I4(7) is affected.
- Version 6.0(2)U6(1a) is affected.
- Version 7.1(5)N1(1b) is affected.
- Version 7.0(3)I4(1) is affected.
- Version 7.0(3)I4(8) is affected.
- Version 7.0(3)I4(2) is affected.
- Version 7.1(4)N1(1c) is affected.
- Version 7.0(3)IM3(1) is affected.
- Version 6.0(2)U6(5a) is affected.
- Version 6.0(2)A8(11) is affected.
- Version 6.0(2)A6(4a) is affected.
- Version 6.2(9) is affected.
- Version 6.2(5) is affected.
- Version 9.2(1) is affected.
- Version 9.2(2t) is affected.
- Version 9.2(3y) is affected.
- Version 7.0(3)I4(1t) is affected.
- Version 6.0(2)U6(5c) is affected.
- Version 6.0(2)A6(4) is affected.
- Version 7.0(3)I7(6z) is affected.
- Version 9.3(2) is affected.
- Version 7.3(1)DY(1) is affected.
- Version 7.0(3)F3(3) is affected.
- Version 6.0(2)U6(6) is affected.
- Version 6.2(29) is affected.
- Version 7.0(3)I7(3z) is affected.
- Version 7.0(3)IM7(2) is affected.
- Version 6.0(2)A8(11b) is affected.
- Version 6.2(9a) is affected.
- Version 7.3(0)N1(1) is affected.
- Version 7.0(3)I7(5a) is affected.
- Version 6.2(11d) is affected.
- Version 7.0(3)I6(1) is affected.
- Version 6.0(2)U6(10) is affected.
- Version 7.0(3)IM3(2) is affected.
- Version 6.0(2)A6(8) is affected.
- Version 6.0(2)U6(1) is affected.
- Version 7.3(2)N1(1c) is affected.
- Version 7.0(3)I5(3b) is affected.
- Version 7.3(5)N1(1) is affected.
- Version 6.0(2)A6(2a) is affected.
- Version 7.3(2)N1(1b) is affected.
- Version 6.2(27) is affected.
- Version 7.3(1)N1(1) is affected.
- Version 6.0(2)U6(7) is affected.
- Version 9.2(4) is affected.
- Version 7.1(4)N1(1a) is affected.
- Version 8.1(1) is affected.
- Version 7.1(3)N1(4) is affected.
- Version 7.0(3)IM3(2a) is affected.
- Version 6.0(2)A8(10) is affected.
- Version 7.1(3)N1(2) is affected.
- Version 8.2(2) is affected.
- Version 6.2(13) is affected.
- Version 6.0(2)A8(2) is affected.
- Version 7.0(3)IC4(4) is affected.
- Version 6.2(1) is affected.
- Version 8.3(2) is affected.
- Version 7.3(4)N1(1a) is affected.
- Version 6.0(2)A6(3) is affected.
- Version 6.0(2)U6(5b) is affected.
- Version 7.0(3)F3(3c) is affected.
- Version 7.0(3)F3(1) is affected.
- Version 6.0(2)U6(5) is affected.
- Version 7.0(3)F3(5) is affected.
- Version 7.1(2)N1(1) is affected.
- Version 7.1(3)N1(3) is affected.
- Version 6.0(2)A6(7) is affected.
- Version 7.0(3)I7(2) is affected.
- Version 6.2(5a) is affected.
- Version 6.0(2)A6(5) is affected.
- Version 7.0(3)IM3(2b) is affected.
- Version 7.1(3)N1(1) is affected.
- Version 6.0(2)U6(4a) is affected.
- Version 7.0(3)I5(3) is affected.
- Version 7.0(3)I7(3) is affected.
- Version 6.0(2)A8(6) is affected.
- Version 7.0(3)I6(2) is affected.
- Version 8.3(1) is affected.
- Version 6.2(3) is affected.
- Version 7.1(1)N1(1) is affected.
- Version 8.1(1b) is affected.
- Version 7.3(0)N1(1b) is affected.
- Version 6.0(2)A8(5) is affected.
- Version 7.1(4)N1(1d) is affected.
- Version 7.3(2)N1(1) is affected.
- Version 6.0(2)U6(8) is affected.
- Version 7.1(1)N1(1a) is affected.
- Version 7.0(3)IM3(3) is affected.
- Version 9.3(1) is affected.
- Version 6.0(2)U6(2) is affected.
- Version 6.2(9b) is affected.
- Version 7.1(3)N1(2a) is affected.
- Version 7.3(0)N1(1a) is affected.
- Version 6.0(2)A8(7) is affected.
- Version 7.0(3)I7(6) is affected.
- Version 8.4(1) is affected.
- Version 6.2(25) is affected.
- Version 6.0(2)U6(3a) is affected.
- Version 6.0(2)A8(11a) is affected.
- Version 6.2(11e) is affected.
- Version 7.1(3)N1(5) is affected.
- Version 7.0(3)I4(8z) is affected.
- Version 6.2(11) is affected.
- Version 7.0(3)I4(9) is affected.
- Version 6.2(19) is affected.
- Version 7.1(0)N1(1b) is affected.
- Version 7.0(3)I7(4) is affected.
- Version 7.0(3)I7(7) is affected.
- Version 6.2(5b) is affected.
- Version 7.3(0)DY(1) is affected.
- Version 6.0(2)A8(9) is affected.
- Version 6.0(2)A8(1) is affected.
- Version 7.1(5)N1(1) is affected.
- Version 6.2(15) is affected.
- Version 6.0(2)A6(6) is affected.
- Version 6.0(2)A8(10a) is affected.
- Version 7.0(3)I5(1) is affected.
- Version 9.3(1z) is affected.
- Version 9.2(2) is affected.
- Version 6.2(7) is affected.
- Version 6.2(9c) is affected.
- Version 7.0(3)F3(4) is affected.
- Version 7.3(3)N1(1) is affected.
- Version 7.0(3)I4(8b) is affected.
- Version 6.0(2)A8(3) is affected.
- Version 6.2(11b) is affected.
- Version 7.0(3)I4(6t) is affected.
- Version 7.0(3)I5(3a) is affected.
- Version 8.1(1a) is affected.
- Version 6.2(13a) is affected.
- Version 6.0(2)A8(8) is affected.
- Version 7.0(3)I7(5) is affected.
- Version 7.0(3)F3(3a) is affected.
- Version 7.1(0)N1(1a) is affected.
- Version 6.0(2)A8(4) is affected.
- Version 6.0(2)A6(3a) is affected.
- Version 6.0(2)A6(5a) is affected.
- Version 7.0(3)F2(1) is affected.
- Version 7.0(3)I4(8a) is affected.
- Version 6.0(2)U6(9) is affected.
- Version 7.0(3)F3(2) is affected.
- Version 6.0(2)U6(2a) is affected.
- Version 6.2(17) is affected.
- Version 7.0(3)I4(4) is affected.
- Version 6.2(23) is affected.
- Version 6.2(13b) is affected.
- Version 6.0(2)U6(3) is affected.
- Version 7.1(2)N1(1a) is affected.
- Version 7.0(3)I7(1) is affected.
- Version 6.2(21) is affected.
- Version 7.0(3)F2(2) is affected.
- Version 7.0(3)IA7(2) is affected.
- Version 7.0(3)IA7(1) is affected.
- Version 6.0(2)A8(7b) is affected.
- Version 6.2(11c) is affected.
- Version 7.0(3)F1(1) is affected.
- Version 6.0(2)A6(1a) is affected.
- Version 7.1(0)N1(1) is affected.
- Version 6.0(2)A6(2) is affected.
- Version 7.1(4)N1(1) is affected.
- Version 6.0(2)A8(4a) is affected.
- Version 6.0(2)U6(4) is affected.
- Version 8.4(1a) is affected.
- Version 9.3(3) is affected.
- Version 7.3(7)N1(1) is affected.
- Version 6.2(31) is affected.
- Version 7.0(3)I7(8) is affected.
- Version 6.0(2)U6(10a) is affected.
- Version 7.3(7)N1(1a) is affected.
- Version 9.3(4) is affected.
- Version 6.2(33) is affected.
- Version 9.3(5) is affected.
- Version 8.4(2a) is affected.
- Version 8.4(2b) is affected.
- Version 7.3(8)N1(1) is affected.
- Version 7.0(3)I7(9) is affected.
- Version 7.3(7)N1(1b) is affected.
- Version 8.5(1) is affected.
- Version 9.3(6) is affected.
- Version 10.1(2) is affected.
- Version 10.1(1) is affected.
- Version 8.4(2c) is affected.
- Version 9.3(5w) is affected.
- Version 7.3(9)N1(1) is affected.
- Version 9.3(7) is affected.
- Version 9.3(7k) is affected.
- Version 7.0(3)I7(9w) is affected.
- Version 10.2(1) is affected.
- Version 7.3(8)N1(1a) is affected.
- Version 9.3(7a) is affected.
- Version 9.3(8) is affected.
- Version 8.4(2d) is affected.
- Version 7.3(10)N1(1) is affected.
- Version 7.0(3)I7(10) is affected.
- Version 7.3(8)N1(1b) is affected.
- Version 10.2(1q) is affected.
- Version 10.2(2) is affected.
- Version 9.3(9) is affected.
- Version 10.1(2t) is affected.
- Version 7.3(11)N1(1) is affected.
- Version 10.2(3) is affected.
- Version 10.2(3t) is affected.
- Version 8.4(2e) is affected.
- Version 9.3(10) is affected.
- Version 7.3(11)N1(1a) is affected.
- Version 10.2(2a) is affected.
- Version 7.3(12)N1(1) is affected.
- Version 9.2(1a) is affected.
- Version 10.3(1) is affected.
- Version 10.2(4) is affected.
- Version 7.3(13)N1(1) is affected.
- Version 10.3(2) is affected.
- Version 9.3(11) is affected.
- Version 10.3(3) is affected.
- Version 10.2(5) is affected.
- Version 9.4(1) is affected.
- Version 9.3(2a) is affected.
- Version 8.4(2f) is affected.
- Version 9.3(12) is affected.
- Version 10.2(3v) is affected.
- Version 10.4(1) is affected.
- Version 10.3(99w) is affected.
- Version 7.3(14)N1(1) is affected.
- Version 10.2(6) is affected.
- Version 10.3(3w) is affected.
- Version 10.3(99x) is affected.
- Version 10.3(3o) is affected.
- Version 10.3(4) is affected.
- Version 10.3(3p) is affected.
- Version 10.3(4a) is affected.
- Version 9.4(1a) is affected.
- Version 10.4(2) is affected.
- Version 10.3(3q) is affected.
- Version 9.3(13) is affected.
- Version 10.3(5) is affected.
- Version 10.2(7) is affected.
- Version 10.4(3) is affected.
- Version 10.3(3x) is affected.
- Version 10.3(4g) is affected.
- Version 10.3(3r) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.