Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2024-20285

Disclosure Date: August 28, 2024
CVE-2024-20285 CVSS v3 Base Score: 8.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. 
Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.8 High
Impact Score:
6
Exploitability Score:
2
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Cisco NX-OS Software 7.3(6)N1(1a)
Cisco NX-OS Software 8.4(2)
Cisco NX-OS Software 7.3(6)N1(1)
Cisco NX-OS Software 9.2(3)
Cisco NX-OS Software 7.0(3)I5(2)
Cisco NX-OS Software 8.2(1)
Cisco NX-OS Software 6.0(2)A8(7a)
Cisco NX-OS Software 7.0(3)I4(5)
Cisco NX-OS Software 6.0(2)A6(1)
Cisco NX-OS Software 7.3(1)D1(1)
Cisco NX-OS Software 7.0(3)I4(6)
Cisco NX-OS Software 7.3(4)N1(1)
Cisco NX-OS Software 7.0(3)I4(3)
Cisco NX-OS Software 9.2(2v)
Cisco NX-OS Software 6.0(2)A6(5b)
Cisco NX-OS Software 7.3(0)D1(1)
Cisco NX-OS Software 6.2(17a)
Cisco NX-OS Software 7.0(3)I4(7)
Cisco NX-OS Software 6.0(2)U6(1a)
Cisco NX-OS Software 7.1(5)N1(1b)
Cisco NX-OS Software 7.0(3)I4(1)
Cisco NX-OS Software 7.0(3)I4(8)
Cisco NX-OS Software 7.0(3)I4(2)
Cisco NX-OS Software 7.1(4)N1(1c)
Cisco NX-OS Software 7.0(3)IM3(1)
Cisco NX-OS Software 6.0(2)U6(5a)
Cisco NX-OS Software 6.0(2)A8(11)
Cisco NX-OS Software 6.0(2)A6(4a)
Cisco NX-OS Software 6.2(9)
Cisco NX-OS Software 6.2(5)
Cisco NX-OS Software 9.2(1)
Cisco NX-OS Software 9.2(2t)
Cisco NX-OS Software 9.2(3y)
Cisco NX-OS Software 7.0(3)I4(1t)
Cisco NX-OS Software 6.0(2)U6(5c)
Cisco NX-OS Software 6.0(2)A6(4)
Cisco NX-OS Software 7.0(3)I7(6z)
Cisco NX-OS Software 9.3(2)
Cisco NX-OS Software 7.3(1)DY(1)
Cisco NX-OS Software 7.0(3)F3(3)
Cisco NX-OS Software 6.0(2)U6(6)
Cisco NX-OS Software 6.2(29)
Cisco NX-OS Software 7.0(3)I7(3z)
Cisco NX-OS Software 7.0(3)IM7(2)
Cisco NX-OS Software 6.0(2)A8(11b)
Cisco NX-OS Software 6.2(9a)
Cisco NX-OS Software 7.3(0)N1(1)
Cisco NX-OS Software 7.0(3)I7(5a)
Cisco NX-OS Software 6.2(11d)
Cisco NX-OS Software 7.0(3)I6(1)
Cisco NX-OS Software 6.0(2)U6(10)
Cisco NX-OS Software 7.0(3)IM3(2)
Cisco NX-OS Software 6.0(2)A6(8)
Cisco NX-OS Software 6.0(2)U6(1)
Cisco NX-OS Software 7.3(2)N1(1c)
Cisco NX-OS Software 7.0(3)I5(3b)
Cisco NX-OS Software 7.3(5)N1(1)
Cisco NX-OS Software 6.0(2)A6(2a)
Cisco NX-OS Software 7.3(2)N1(1b)
Cisco NX-OS Software 6.2(27)
Cisco NX-OS Software 7.3(1)N1(1)
Cisco NX-OS Software 6.0(2)U6(7)
Cisco NX-OS Software 9.2(4)
Cisco NX-OS Software 7.1(4)N1(1a)
Cisco NX-OS Software 8.1(1)
Cisco NX-OS Software 7.1(3)N1(4)
Cisco NX-OS Software 7.0(3)IM3(2a)
Cisco NX-OS Software 6.0(2)A8(10)
Cisco NX-OS Software 7.1(3)N1(2)
Cisco NX-OS Software 8.2(2)
Cisco NX-OS Software 6.2(13)
Cisco NX-OS Software 6.0(2)A8(2)
Cisco NX-OS Software 7.0(3)IC4(4)
Cisco NX-OS Software 6.2(1)
Cisco NX-OS Software 8.3(2)
Cisco NX-OS Software 7.3(4)N1(1a)
Cisco NX-OS Software 6.0(2)A6(3)
Cisco NX-OS Software 6.0(2)U6(5b)
Cisco NX-OS Software 7.0(3)F3(3c)
Cisco NX-OS Software 7.0(3)F3(1)
Cisco NX-OS Software 6.0(2)U6(5)
Cisco NX-OS Software 7.0(3)F3(5)
Cisco NX-OS Software 7.1(2)N1(1)
Cisco NX-OS Software 7.1(3)N1(3)
Cisco NX-OS Software 6.0(2)A6(7)
Cisco NX-OS Software 7.0(3)I7(2)
Cisco NX-OS Software 6.2(5a)
Cisco NX-OS Software 6.0(2)A6(5)
Cisco NX-OS Software 7.0(3)IM3(2b)
Cisco NX-OS Software 7.1(3)N1(1)
Cisco NX-OS Software 6.0(2)U6(4a)
Cisco NX-OS Software 7.0(3)I5(3)
Cisco NX-OS Software 7.0(3)I7(3)
Cisco NX-OS Software 6.0(2)A8(6)
Cisco NX-OS Software 7.0(3)I6(2)
Cisco NX-OS Software 8.3(1)
Cisco NX-OS Software 6.2(3)
Cisco NX-OS Software 7.1(1)N1(1)
Cisco NX-OS Software 8.1(1b)
Cisco NX-OS Software 7.3(0)N1(1b)
Cisco NX-OS Software 6.0(2)A8(5)
Cisco NX-OS Software 7.1(4)N1(1d)
Cisco NX-OS Software 7.3(2)N1(1)
Cisco NX-OS Software 6.0(2)U6(8)
Cisco NX-OS Software 7.1(1)N1(1a)
Cisco NX-OS Software 7.0(3)IM3(3)
Cisco NX-OS Software 9.3(1)
Cisco NX-OS Software 6.0(2)U6(2)
Cisco NX-OS Software 6.2(9b)
Cisco NX-OS Software 7.1(3)N1(2a)
Cisco NX-OS Software 7.3(0)N1(1a)
Cisco NX-OS Software 6.0(2)A8(7)
Cisco NX-OS Software 7.0(3)I7(6)
Cisco NX-OS Software 8.4(1)
Cisco NX-OS Software 6.2(25)
Cisco NX-OS Software 6.0(2)U6(3a)
Cisco NX-OS Software 6.0(2)A8(11a)
Cisco NX-OS Software 6.2(11e)
Cisco NX-OS Software 7.1(3)N1(5)
Cisco NX-OS Software 7.0(3)I4(8z)
Cisco NX-OS Software 6.2(11)
Cisco NX-OS Software 7.0(3)I4(9)
Cisco NX-OS Software 6.2(19)
Cisco NX-OS Software 7.1(0)N1(1b)
Cisco NX-OS Software 7.0(3)I7(4)
Cisco NX-OS Software 7.0(3)I7(7)
Cisco NX-OS Software 6.2(5b)
Cisco NX-OS Software 7.3(0)DY(1)
Cisco NX-OS Software 6.0(2)A8(9)
Cisco NX-OS Software 6.0(2)A8(1)
Cisco NX-OS Software 7.1(5)N1(1)
Cisco NX-OS Software 6.2(15)
Cisco NX-OS Software 6.0(2)A6(6)
Cisco NX-OS Software 6.0(2)A8(10a)
Cisco NX-OS Software 7.0(3)I5(1)
Cisco NX-OS Software 9.3(1z)
Cisco NX-OS Software 9.2(2)
Cisco NX-OS Software 6.2(7)
Cisco NX-OS Software 6.2(9c)
Cisco NX-OS Software 7.0(3)F3(4)
Cisco NX-OS Software 7.3(3)N1(1)
Cisco NX-OS Software 7.0(3)I4(8b)
Cisco NX-OS Software 6.0(2)A8(3)
Cisco NX-OS Software 6.2(11b)
Cisco NX-OS Software 7.0(3)I4(6t)
Cisco NX-OS Software 7.0(3)I5(3a)
Cisco NX-OS Software 8.1(1a)
Cisco NX-OS Software 6.2(13a)
Cisco NX-OS Software 6.0(2)A8(8)
Cisco NX-OS Software 7.0(3)I7(5)
Cisco NX-OS Software 7.0(3)F3(3a)
Cisco NX-OS Software 7.1(0)N1(1a)
Cisco NX-OS Software 6.0(2)A8(4)
Cisco NX-OS Software 6.0(2)A6(3a)
Cisco NX-OS Software 6.0(2)A6(5a)
Cisco NX-OS Software 7.0(3)F2(1)
Cisco NX-OS Software 7.0(3)I4(8a)
Cisco NX-OS Software 6.0(2)U6(9)
Cisco NX-OS Software 7.0(3)F3(2)
Cisco NX-OS Software 6.0(2)U6(2a)
Cisco NX-OS Software 6.2(17)
Cisco NX-OS Software 7.0(3)I4(4)
Cisco NX-OS Software 6.2(23)
Cisco NX-OS Software 6.2(13b)
Cisco NX-OS Software 6.0(2)U6(3)
Cisco NX-OS Software 7.1(2)N1(1a)
Cisco NX-OS Software 7.0(3)I7(1)
Cisco NX-OS Software 6.2(21)
Cisco NX-OS Software 7.0(3)F2(2)
Cisco NX-OS Software 7.0(3)IA7(2)
Cisco NX-OS Software 7.0(3)IA7(1)
Cisco NX-OS Software 6.0(2)A8(7b)
Cisco NX-OS Software 6.2(11c)
Cisco NX-OS Software 7.0(3)F1(1)
Cisco NX-OS Software 6.0(2)A6(1a)
Cisco NX-OS Software 7.1(0)N1(1)
Cisco NX-OS Software 6.0(2)A6(2)
Cisco NX-OS Software 7.1(4)N1(1)
Cisco NX-OS Software 6.0(2)A8(4a)
Cisco NX-OS Software 6.0(2)U6(4)
Cisco NX-OS Software 8.4(1a)
Cisco NX-OS Software 9.3(3)
Cisco NX-OS Software 7.3(7)N1(1)
Cisco NX-OS Software 6.2(31)
Cisco NX-OS Software 7.0(3)I7(8)
Cisco NX-OS Software 6.0(2)U6(10a)
Cisco NX-OS Software 7.3(7)N1(1a)
Cisco NX-OS Software 9.3(4)
Cisco NX-OS Software 6.2(33)
Cisco NX-OS Software 9.3(5)
Cisco NX-OS Software 8.4(2a)
Cisco NX-OS Software 8.4(2b)
Cisco NX-OS Software 7.3(8)N1(1)
Cisco NX-OS Software 7.0(3)I7(9)
Cisco NX-OS Software 7.3(7)N1(1b)
Cisco NX-OS Software 8.5(1)
Cisco NX-OS Software 9.3(6)
Cisco NX-OS Software 10.1(2)
Cisco NX-OS Software 10.1(1)
Cisco NX-OS Software 8.4(2c)
Cisco NX-OS Software 9.3(5w)
Cisco NX-OS Software 7.3(9)N1(1)
Cisco NX-OS Software 9.3(7)
Cisco NX-OS Software 9.3(7k)
Cisco NX-OS Software 7.0(3)I7(9w)
Cisco NX-OS Software 10.2(1)
Cisco NX-OS Software 7.3(8)N1(1a)
Cisco NX-OS Software 9.3(7a)
Cisco NX-OS Software 9.3(8)
Cisco NX-OS Software 8.4(2d)
Cisco NX-OS Software 7.3(10)N1(1)
Cisco NX-OS Software 7.0(3)I7(10)
Cisco NX-OS Software 7.3(8)N1(1b)
Cisco NX-OS Software 10.2(1q)
Cisco NX-OS Software 10.2(2)
Cisco NX-OS Software 9.3(9)
Cisco NX-OS Software 10.1(2t)
Cisco NX-OS Software 7.3(11)N1(1)
Cisco NX-OS Software 10.2(3)
Cisco NX-OS Software 10.2(3t)
Cisco NX-OS Software 8.4(2e)
Cisco NX-OS Software 9.3(10)
Cisco NX-OS Software 7.3(11)N1(1a)
Cisco NX-OS Software 10.2(2a)
Cisco NX-OS Software 7.3(12)N1(1)
Cisco NX-OS Software 9.2(1a)
Cisco NX-OS Software 10.3(1)
Cisco NX-OS Software 10.2(4)
Cisco NX-OS Software 7.3(13)N1(1)
Cisco NX-OS Software 10.3(2)
Cisco NX-OS Software 9.3(11)
Cisco NX-OS Software 10.3(3)
Cisco NX-OS Software 10.2(5)
Cisco NX-OS Software 9.4(1)
Cisco NX-OS Software 9.3(2a)
Cisco NX-OS Software 8.4(2f)
Cisco NX-OS Software 9.3(12)
Cisco NX-OS Software 10.2(3v)
Cisco NX-OS Software 10.4(1)
Cisco NX-OS Software 10.3(99w)
Cisco NX-OS Software 7.3(14)N1(1)
Cisco NX-OS Software 10.2(6)
Cisco NX-OS Software 10.3(3w)
Cisco NX-OS Software 10.3(99x)
Cisco NX-OS Software 10.3(3o)
Cisco NX-OS Software 10.3(4)
Cisco NX-OS Software 10.3(3p)
Cisco NX-OS Software 10.3(4a)
Cisco NX-OS Software 9.4(1a)
Cisco NX-OS Software 10.4(2)
Cisco NX-OS Software 10.3(3q)
Cisco NX-OS Software 9.3(13)
Cisco NX-OS Software 10.3(5)
Cisco NX-OS Software 10.2(7)
Cisco NX-OS Software 10.4(3)
Cisco NX-OS Software 10.3(3x)
Cisco NX-OS Software 10.3(4g)
Cisco NX-OS Software 10.3(3r)
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • cisco

Products

  • nx-os 9.3(13)
Technical Analysis