8.8

CVE-2024-20285

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. 
Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the  section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Data provided by the National Vulnerability Database (NVD)
Cisco Nx-os Version 9.3(13)
   Cisco N9k-c92160yc-x Version -
   Cisco N9k-c92300yc Version -
   Cisco N9k-c92304qc Version -
   Cisco N9k-c9232c Version -
   Cisco N9k-c92348gc-x Version -
   Cisco N9k-c9236c Version -
   Cisco N9k-c9272q Version -
   Cisco N9k-c93108tc-ex Version -
   Cisco N9k-c93108tc-fx Version -
   Cisco N9k-c93120tx Version -
   Cisco N9k-c93128tx Version -
   Cisco N9k-c9316d-gx Version -
   Cisco N9k-c93180lc-ex Version -
   Cisco N9k-c93180yc-ex Version -
   Cisco N9k-c93180yc-fx Version -
   Cisco N9k-c93180yc2-fx Version -
   Cisco N9k-c93216tc-fx2 Version -
   Cisco N9k-c93240yc-fx2 Version -
   Cisco N9k-c9332c Version -
   Cisco N9k-c9332d-gx2b Version -
   Cisco N9k-c9332pq Version -
   Cisco N9k-c93360yc-fx2 Version -
   Cisco N9k-c9336c-fx2 Version -
   Cisco N9k-c9348d-gx2a Version -
   Cisco N9k-c9348gc-fxp Version -
   Cisco N9k-c93600cd-gx Version -
   Cisco N9k-c9364c Version -
   Cisco N9k-c9364c-gx Version -
   Cisco N9k-c9364d-gx2a Version -
   Cisco N9k-c9372px Version -
   Cisco N9k-c9372px-e Version -
   Cisco N9k-c9372tx Version -
   Cisco N9k-c9372tx-e Version -
   Cisco N9k-c9396px Version -
   Cisco N9k-c9396tx Version -
   Cisco N9k-c9504 Version -
   Cisco N9k-c9504-fm-r Version -
   Cisco N9k-c9508 Version -
   Cisco N9k-c9508-fm-r Version -
   Cisco N9k-c9516 Version -
   Cisco N9k-sc-a Version -
   Cisco N9k-sup-a Version -
   Cisco N9k-sup-a+ Version -
   Cisco N9k-sup-b Version -
   Cisco N9k-sup-b+ Version -
   Cisco N9k-x9400-16w Version -
   Cisco N9k-x9400-22l Version -
   Cisco N9k-x9400-8d Version -
   Cisco N9k-x9432c-s Version -
   Cisco N9k-x9464px Version -
   Cisco N9k-x9464tx2 Version -
   Cisco N9k-x9564px Version -
   Cisco N9k-x9564tx Version -
   Cisco N9k-x96136yc-r Version -
   Cisco N9k-x9636c-r Version -
   Cisco N9k-x9636c-rx Version -
   Cisco N9k-x9636q-r Version -
   Cisco N9k-x97160yc-ex Version -
   Cisco N9k-x97284yc-fx Version -
   Cisco N9k-x9732c-ex Version -
   Cisco N9k-x9732c-fx Version -
   Cisco N9k-x9736c-ex Version -
   Cisco N9k-x9736c-fx Version -
   Cisco N9k-x9788tc-fx Version -
   Cisco Nexus 3000 Version -
   Cisco Nexus 3000 Series Version -
   Cisco Nexus 3016 Version -
   Cisco Nexus 3016q Version -
   Cisco Nexus 3048 Version -
   Cisco Nexus 3064 Version -
   Cisco Nexus 3064-32t Version -
   Cisco Nexus 3064-t Version -
   Cisco Nexus 3064-x Version -
   Cisco Nexus 3064t Version -
   Cisco Nexus 3064x Version -
   Cisco Nexus 3100 Version -
   Cisco Nexus 3100-v Version -
   Cisco Nexus 3100-z Version -
   Cisco Nexus 3100v Version -
   Cisco Nexus 31108pc-v Version -
   Cisco Nexus 31108pv-v Version -
   Cisco Nexus 31108tc-v Version -
   Cisco Nexus 31128pq Version -
   Cisco Nexus 3132c-z Version -
   Cisco Nexus 3132q Version -
   Cisco Nexus 3132q-v Version -
   Cisco Nexus 3132q-x Version -
   Cisco Nexus 3132q-x/3132q-xl Version -
   Cisco Nexus 3132q-xl Version -
   Cisco Nexus 3164q Version -
   Cisco Nexus 3172 Version -
   Cisco Nexus 3172pq Version -
   Cisco Nexus 3172pq-xl Version -
   Cisco Nexus 3172pq/pq-xl Version -
   Cisco Nexus 3172tq Version -
   Cisco Nexus 3172tq-32t Version -
   Cisco Nexus 3172tq-xl Version -
   Cisco Nexus 3200 Version -
   Cisco Nexus 3232 Version -
   Cisco Nexus 3232c Version -
   Cisco Nexus 3232c Version -
   Cisco Nexus 3264c-e Version -
   Cisco Nexus 3264q Version -
   Cisco Nexus 3400 Version -
   Cisco Nexus 3408-s Version -
   Cisco Nexus 34180yc Version -
   Cisco Nexus 34200yc-sm Version -
   Cisco Nexus 3432d-s Version -
   Cisco Nexus 3464c Version -
   Cisco Nexus 3500 Version -
   Cisco Nexus 3500 Platform Version -
   Cisco Nexus 3524 Version -
   Cisco Nexus 3524-x Version -
   Cisco Nexus 3524-x/xl Version -
   Cisco Nexus 3524-xl Version -
   Cisco Nexus 3548 Version -
   Cisco Nexus 3548-x Version -
   Cisco Nexus 3548-x/xl Version -
   Cisco Nexus 3548-xl Version -
   Cisco Nexus 3600 Version -
   Cisco Nexus 36180yc-r Version -
   Cisco Nexus 3636c-r Version -
   Cisco Nexus 9000 Version -
   Cisco Nexus 9000 In Aci Mode Version -
   Cisco Nexus 9000 In Standalone Version -
   Cisco Nexus 9000 In Standalone Nx-os Mode Version -
   Cisco Nexus 9000v Version -
   Cisco Nexus 9200 Version -
   Cisco Nexus 9200yc Version -
   Cisco Nexus 92160yc-x Version -
   Cisco Nexus 92160yc Switch Version -
   Cisco Nexus 9221c Version -
   Cisco Nexus 92300yc Version -
   Cisco Nexus 92300yc Switch Version -
   Cisco Nexus 92304qc Version -
   Cisco Nexus 92304qc Switch Version -
   Cisco Nexus 9232e Version -
   Cisco Nexus 92348gc-x Version -
   Cisco Nexus 9236c Version -
   Cisco Nexus 9236c Switch Version -
   Cisco Nexus 9272q Version -
   Cisco Nexus 9272q Switch Version -
   Cisco Nexus 9300 Version -
   Cisco Nexus 93108tc-ex Version -
   Cisco Nexus 93108tc-ex-24 Version -
   Cisco Nexus 93108tc-ex Switch Version -
   Cisco Nexus 93108tc-fx Version -
   Cisco Nexus 93108tc-fx-24 Version -
   Cisco Nexus 93108tc-fx3 Version -
   Cisco Nexus 93108tc-fx3h Version -
   Cisco Nexus 93108tc-fx3p Version -
   Cisco Nexus 93120tx Version -
   Cisco Nexus 93120tx Switch Version -
   Cisco Nexus 93128 Version -
   Cisco Nexus 93128tx Version -
   Cisco Nexus 93128tx Switch Version -
   Cisco Nexus 9316d-gx Version -
   Cisco Nexus 93180lc-ex Version -
   Cisco Nexus 93180lc-ex Switch Version -
   Cisco Nexus 93180tc-ex Version -
   Cisco Nexus 93180yc-ex Version -
   Cisco Nexus 93180yc-ex-24 Version -
   Cisco Nexus 93180yc-ex Switch Version -
   Cisco Nexus 93180yc-fx Version -
   Cisco Nexus 93180yc-fx-24 Version -
   Cisco Nexus 93180yc-fx3 Version -
   Cisco Nexus 93180yc-fx3h Version -
   Cisco Nexus 93180yc-fx3s Version -
   Cisco Nexus 93216tc-fx2 Version -
   Cisco Nexus 93240tc-fx2 Version -
   Cisco Nexus 93240yc-fx2 Version -
   Cisco Nexus 9332c Version -
   Cisco Nexus 9332d-gx2b Version -
   Cisco Nexus 9332d-h2r Version -
   Cisco Nexus 9332pq Version -
   Cisco Nexus 9332pq Switch Version -
   Cisco Nexus 93360yc-fx2 Version -
   Cisco Nexus 9336c-fx2 Version -
   Cisco Nexus 9336c-fx2-e Version -
   Cisco Nexus 9336pq Version -
   Cisco Nexus 9336pq Aci Version -
   Cisco Nexus 9336pq Aci Spine Version -
   Cisco Nexus 9336pq Aci Spine Switch Version -
   Cisco Nexus 93400ld-h1 Version -
   Cisco Nexus 9348d-gx2a Version -
   Cisco Nexus 9348gc-fx3 Version -
   Cisco Nexus 9348gc-fx3ph Version -
   Cisco Nexus 9348gc-fxp Version -
   Cisco Nexus 93600cd-gx Version -
   Cisco Nexus 9364c Version -
   Cisco Nexus 9364c-gx Version -
   Cisco Nexus 9364c-h1 Version -
   Cisco Nexus 9364d-gx2a Version -
   Cisco Nexus 9372px Version -
   Cisco Nexus 9372px-e Version -
   Cisco Nexus 9372px-e Switch Version -
   Cisco Nexus 9372px Switch Version -
   Cisco Nexus 9372tx Version -
   Cisco Nexus 9372tx-e Version -
   Cisco Nexus 9372tx-e Switch Version -
   Cisco Nexus 9372tx Switch Version -
   Cisco Nexus 9396px Version -
   Cisco Nexus 9396px Switch Version -
   Cisco Nexus 9396tx Version -
   Cisco Nexus 9396tx Switch Version -
   Cisco Nexus 9408 Version -
   Cisco Nexus 9432pq Version -
   Cisco Nexus 9500 Version -
   Cisco Nexus 9500 16-slot Version -
   Cisco Nexus 9500 4-slot Version -
   Cisco Nexus 9500 8-slot Version -
   Cisco Nexus 9500 Supervisor A Version -
   Cisco Nexus 9500 Supervisor A+ Version -
   Cisco Nexus 9500 Supervisor B Version -
   Cisco Nexus 9500 Supervisor B+ Version -
   Cisco Nexus 9500r Version -
   Cisco Nexus 9504 Version -
   Cisco Nexus 9504 Switch Version -
   Cisco Nexus 9508 Version -
   Cisco Nexus 9508 Switch Version -
   Cisco Nexus 9516 Version -
   Cisco Nexus 9516 Switch Version -
   Cisco Nexus 9536pq Version -
   Cisco Nexus 9636pq Version -
   Cisco Nexus 9716d-gx Version -
   Cisco Nexus 9736pq Version -
   Cisco Nexus 9800 Version -
   Cisco Nexus 9800 34-port 100g And 14-port 400g Line Card Version -
   Cisco Nexus 9800 36-port 400g Line Card Version -
   Cisco Nexus 9804 Version -
   Cisco Nexus 9808 Version -
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.08% | 0.242

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 8.8 | 2 | 6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
psirt@cisco.com | 5.3 | 1.8 | 3.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-653 Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.