Vulnerability in Python Interpreter Could Lead to Unauthorized Access
CVE-2024-20285

8.8HIGH

Key Information:

Vendor: Cisco
Status: Nx-os
Vendor: CVE Published:; 28 August 2024

Summary

A vulnerability exists in the Python interpreter of Cisco NX-OS Software that enables a local attacker with authenticated Python execution privileges to escape the Python sandbox environment. This vulnerability arises from insufficient validation of user-supplied input within the Python interpreter. An attacker could exploit this by manipulating specific functions, leading to the execution of arbitrary commands on the underlying operating system with the privileges of the authenticated user. Reference documentation detailing Python execution privileges can provide further information on this issue.

References

https://sec.cloudapps.cisco.com/security/center/content/C...

https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 28, 2024