Cisco NX-OS Python Sandbox Escalation (CVE-2024-20286)
CVE-2024-20286 Published on August 28, 2024
Cisco NX-OS Software Python Parser Escape Vulnerability
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.
The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.
Note: An attacker must be authenticated with Python execution privileges to exploit this vulnerability. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.
Vulnerability Analysis
CVE-2024-20286 is exploitable with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low; it is considered to have a small impact on confidentiality, integrity and availability.
Weakness Type
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Products Associated with CVE-2024-20286
Affected Versions
Cisco NX-OS Software:
- Version 8.2(5) is affected.
- Version 7.3(5)D1(1) is affected.
- Version 8.4(2) is affected.
- Version 6.2(2) is affected.
- Version 8.4(3) is affected.
- Version 9.2(3) is affected.
- Version 7.0(3)I5(2) is affected.
- Version 8.2(1) is affected.
- Version 6.0(2)A8(7a) is affected.
- Version 7.0(3)I4(5) is affected.
- Version 6.0(2)A6(1) is affected.
- Version 7.3(1)D1(1) is affected.
- Version 6.2(14a) is affected.
- Version 7.0(3)I4(6) is affected.
- Version 7.0(3)I4(3) is affected.
- Version 9.2(2v) is affected.
- Version 6.0(2)A6(5b) is affected.
- Version 7.3(0)D1(1) is affected.
- Version 6.2(17a) is affected.
- Version 7.0(3)I4(7) is affected.
- Version 6.0(2)U6(1a) is affected.
- Version 7.0(3)I4(1) is affected.
- Version 7.0(3)I4(8) is affected.
- Version 7.0(3)I4(2) is affected.
- Version 7.0(3)IM3(1) is affected.
- Version 6.0(2)U6(5a) is affected.
- Version 6.0(2)A8(11) is affected.
- Version 6.0(2)A6(4a) is affected.
- Version 6.2(9) is affected.
- Version 6.2(5) is affected.
- Version 7.3(4)D1(1) is affected.
- Version 6.2(20) is affected.
- Version 9.2(1) is affected.
- Version 9.2(2t) is affected.
- Version 9.2(3y) is affected.
- Version 7.0(3)I4(1t) is affected.
- Version 6.0(2)U6(5c) is affected.
- Version 6.0(2)A6(4) is affected.
- Version 7.0(3)I7(6z) is affected.
- Version 9.3(2) is affected.
- Version 7.3(1)DY(1) is affected.
- Version 7.0(3)F3(3) is affected.
- Version 6.0(2)U6(6) is affected.
- Version 6.2(29) is affected.
- Version 7.0(3)I7(3z) is affected.
- Version 7.0(3)IM7(2) is affected.
- Version 6.0(2)A8(11b) is affected.
- Version 6.2(9a) is affected.
- Version 7.0(3)I7(5a) is affected.
- Version 6.2(11d) is affected.
- Version 8.1(1) is affected.
- Version 7.0(3)I6(1) is affected.
- Version 6.0(2)U6(10) is affected.
- Version 7.2(2)D1(2) is affected.
- Version 7.0(3)IM3(2) is affected.
- Version 6.0(2)A6(8) is affected.
- Version 8.2(2) is affected.
- Version 6.0(2)U6(1) is affected.
- Version 7.0(3)I5(3b) is affected.
- Version 8.3(2) is affected.
- Version 6.0(2)A6(2a) is affected.
- Version 6.2(27) is affected.
- Version 7.3(2)D1(3a) is affected.
- Version 6.0(2)U6(7) is affected.
- Version 9.2(4) is affected.
- Version 7.0(3)IM3(2a) is affected.
- Version 6.2(8b) is affected.
- Version 6.0(2)A8(10) is affected.
- Version 6.2(13) is affected.
- Version 6.0(2)A8(2) is affected.
- Version 7.0(3)IC4(4) is affected.
- Version 6.2(1) is affected.
- Version 8.1(2) is affected.
- Version 6.0(2)A6(3) is affected.
- Version 6.0(2)U6(5b) is affected.
- Version 7.0(3)F3(3c) is affected.
- Version 7.3(3)D1(1) is affected.
- Version 7.0(3)F3(1) is affected.
- Version 6.0(2)U6(5) is affected.
- Version 7.0(3)F3(5) is affected.
- Version 8.2(3) is affected.
- Version 6.0(2)A6(7) is affected.
- Version 7.0(3)I7(2) is affected.
- Version 6.2(5a) is affected.
- Version 6.2(18) is affected.
- Version 6.0(2)A6(5) is affected.
- Version 7.0(3)IM3(2b) is affected.
- Version 6.0(2)U6(4a) is affected.
- Version 7.0(3)I5(3) is affected.
- Version 7.0(3)I7(3) is affected.
- Version 6.0(2)A8(6) is affected.
- Version 7.0(3)I6(2) is affected.
- Version 8.3(1) is affected.
- Version 6.2(3) is affected.
- Version 6.2(22) is affected.
- Version 8.4(1) is affected.
- Version 8.1(1b) is affected.
- Version 7.2(2)D1(4) is affected.
- Version 6.0(2)A8(5) is affected.
- Version 7.3(0)DX(1) is affected.
- Version 7.3(2)D1(1) is affected.
- Version 6.0(2)U6(8) is affected.
- Version 7.0(3)IM3(3) is affected.
- Version 9.3(1) is affected.
- Version 6.0(2)U6(2) is affected.
- Version 6.2(9b) is affected.
- Version 6.0(2)A8(7) is affected.
- Version 7.0(3)I7(6) is affected.
- Version 7.3(2)D1(2) is affected.
- Version 6.2(25) is affected.
- Version 6.0(2)U6(3a) is affected.
- Version 8.0(1) is affected.
- Version 6.0(2)A8(11a) is affected.
- Version 6.2(11e) is affected.
- Version 7.0(3)I4(8z) is affected.
- Version 6.2(11) is affected.
- Version 7.0(3)I4(9) is affected.
- Version 6.2(16) is affected.
- Version 6.2(19) is affected.
- Version 8.2(4) is affected.
- Version 6.2(2a) is affected.
- Version 7.2(2)D1(3) is affected.
- Version 7.0(3)I7(4) is affected.
- Version 7.0(3)I7(7) is affected.
- Version 6.2(5b) is affected.
- Version 7.3(0)DY(1) is affected.
- Version 6.0(2)A8(9) is affected.
- Version 6.0(2)A8(1) is affected.
- Version 7.2(1)D1(1) is affected.
- Version 6.2(15) is affected.
- Version 6.0(2)A6(6) is affected.
- Version 6.0(2)A8(10a) is affected.
- Version 7.0(3)I5(1) is affected.
- Version 9.3(1z) is affected.
- Version 9.2(2) is affected.
- Version 6.2(7) is affected.
- Version 6.2(9c) is affected.
- Version 7.0(3)F3(4) is affected.
- Version 6.2(6b) is affected.
- Version 7.0(3)I4(8b) is affected.
- Version 8.1(2a) is affected.
- Version 7.3(2)D1(3) is affected.
- Version 6.2(8) is affected.
- Version 6.0(2)A8(3) is affected.
- Version 6.2(11b) is affected.
- Version 7.0(3)I4(6t) is affected.
- Version 7.0(3)I5(3a) is affected.
- Version 8.1(1a) is affected.
- Version 6.2(13a) is affected.
- Version 6.0(2)A8(8) is affected.
- Version 7.0(3)I7(5) is affected.
- Version 7.0(3)F3(3a) is affected.
- Version 6.0(2)A8(4) is affected.
- Version 6.0(2)A6(3a) is affected.
- Version 6.0(2)A6(5a) is affected.
- Version 7.0(3)F2(1) is affected.
- Version 7.0(3)I4(8a) is affected.
- Version 6.0(2)U6(9) is affected.
- Version 7.0(3)F3(2) is affected.
- Version 6.0(2)U6(2a) is affected.
- Version 6.2(12) is affected.
- Version 6.2(17) is affected.
- Version 7.0(3)I4(4) is affected.
- Version 6.2(23) is affected.
- Version 6.2(13b) is affected.
- Version 6.0(2)U6(3) is affected.
- Version 6.2(10) is affected.
- Version 6.2(6a) is affected.
- Version 6.2(6) is affected.
- Version 6.2(14) is affected.
- Version 7.0(3)I7(1) is affected.
- Version 6.2(14b) is affected.
- Version 6.2(21) is affected.
- Version 7.2(2)D1(1) is affected.
- Version 7.0(3)F2(2) is affected.
- Version 7.0(3)IA7(2) is affected.
- Version 7.0(3)IA7(1) is affected.
- Version 6.0(2)A8(7b) is affected.
- Version 6.2(8a) is affected.
- Version 6.2(11c) is affected.
- Version 7.0(3)F1(1) is affected.
- Version 6.0(2)A6(1a) is affected.
- Version 7.2(0)D1(1) is affected.
- Version 6.0(2)A6(2) is affected.
- Version 6.0(2)A8(4a) is affected.
- Version 6.2(20a) is affected.
- Version 6.0(2)U6(4) is affected.
- Version 8.4(1a) is affected.
- Version 9.3(3) is affected.
- Version 7.3(2)D1(1d) is affected.
- Version 6.2(24) is affected.
- Version 6.2(31) is affected.
- Version 7.0(3)I7(8) is affected.
- Version 6.0(2)U6(10a) is affected.
- Version 9.3(4) is affected.
- Version 7.3(6)D1(1) is affected.
- Version 6.2(26) is affected.
- Version 8.2(6) is affected.
- Version 6.2(33) is affected.
- Version 9.3(5) is affected.
- Version 8.4(2a) is affected.
- Version 8.4(2b) is affected.
- Version 7.0(3)I7(9) is affected.
- Version 6.2(24a) is affected.
- Version 8.5(1) is affected.
- Version 9.3(6) is affected.
- Version 10.1(2) is affected.
- Version 10.1(1) is affected.
- Version 8.4(4) is affected.
- Version 7.3(7)D1(1) is affected.
- Version 8.4(2c) is affected.
- Version 9.3(5w) is affected.
- Version 8.2(7) is affected.
- Version 9.3(7) is affected.
- Version 9.3(7k) is affected.
- Version 7.0(3)I7(9w) is affected.
- Version 10.2(1) is affected.
- Version 7.3(8)D1(1) is affected.
- Version 9.3(7a) is affected.
- Version 8.2(7a) is affected.
- Version 9.3(8) is affected.
- Version 8.4(4a) is affected.
- Version 8.4(2d) is affected.
- Version 8.4(5) is affected.
- Version 7.0(3)I7(10) is affected.
- Version 8.2(8) is affected.
- Version 10.2(1q) is affected.
- Version 10.2(2) is affected.
- Version 9.3(9) is affected.
- Version 10.1(2t) is affected.
- Version 7.3(9)D1(1) is affected.
- Version 10.2(3) is affected.
- Version 8.4(6) is affected.
- Version 10.2(3t) is affected.
- Version 8.4(2e) is affected.
- Version 9.3(10) is affected.
- Version 10.2(2a) is affected.
- Version 9.2(1a) is affected.
- Version 8.2(9) is affected.
- Version 10.3(1) is affected.
- Version 10.2(4) is affected.
- Version 8.4(7) is affected.
- Version 10.3(2) is affected.
- Version 8.4(6a) is affected.
- Version 9.3(11) is affected.
- Version 10.3(3) is affected.
- Version 10.2(5) is affected.
- Version 9.4(1) is affected.
- Version 9.3(2a) is affected.
- Version 8.4(2f) is affected.
- Version 8.2(10) is affected.
- Version 9.3(12) is affected.
- Version 10.2(3v) is affected.
- Version 10.4(1) is affected.
- Version 8.4(8) is affected.
- Version 10.3(99w) is affected.
- Version 10.2(6) is affected.
- Version 10.3(3w) is affected.
- Version 10.3(99x) is affected.
- Version 10.3(3o) is affected.
- Version 8.4(9) is affected.
- Version 10.3(4) is affected.
- Version 10.3(3p) is affected.
- Version 10.3(4a) is affected.
- Version 9.4(1a) is affected.
- Version 10.4(2) is affected.
- Version 10.3(3q) is affected.
- Version 9.3(13) is affected.
- Version 10.2(7) is affected.
- Version 10.3(3x) is affected.
- Version 10.3(4g) is affected.
- Version 10.3(3r) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.