CVE-2024-20286: Protection Mechanism Failure in Cisco NX-OS Software

Severity
8.8 HIGH (NVD)
5.3 (CNA)
EPSS
0.1% (top 71.89%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 28

Description

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5: cisco/cisco_nx-os_software, 272 versions (+271)
NVD: cisco/nx-os 9.3(13)

🔴 Vulnerability Details (2)

CVEList
Cisco NX-OS Software Python Parser Escape Vulnerability (2024-08-28)
GHSA
GHSA-4j2j-4gr5-gr6h: A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sa (2024-08-28)

📋 Vendor Advisories (1)

Cisco
Cisco NX-OS Software Python Sandbox Escape Vulnerabilities (2024-08-28)