CVE-2024-20286
HIGH EPSS 9.3%
Published Aug 28, 20241y ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
Published Aug 28, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
9.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-693
Affected Products 232
| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | nx-os | 9.3\(13\) | any |
| cisco | n9k-c92160yc-x | * | any |
| cisco | n9k-c92300yc | * | any |
| cisco | n9k-c92304qc | * | any |
| cisco | n9k-c9232c | * | any |
| cisco | n9k-c92348gc-x | * | any |
| cisco | n9k-c9236c | * | any |
| cisco | n9k-c9272q | * | any |
| cisco | n9k-c93108tc-ex | * | any |
| cisco | n9k-c93108tc-fx | * | any |
| cisco | n9k-c93120tx | * | any |
| cisco | n9k-c93128tx | * | any |
| cisco | n9k-c9316d-gx | * | any |
| cisco | n9k-c93180lc-ex | * | any |
| cisco | n9k-c93180yc-ex | * | any |
| cisco | n9k-c93180yc-fx | * | any |
| cisco | n9k-c93180yc2-fx | * | any |
| cisco | n9k-c93216tc-fx2 | * | any |
| cisco | n9k-c93240yc-fx2 | * | any |
| cisco | n9k-c9332c | * | any |
| cisco | n9k-c9332d-gx2b | * | any |
| cisco | n9k-c9332pq | * | any |
| cisco | n9k-c93360yc-fx2 | * | any |
| cisco | n9k-c9336c-fx2 | * | any |
| cisco | n9k-c9348d-gx2a | * | any |
| cisco | n9k-c9348gc-fxp | * | any |
| cisco | n9k-c93600cd-gx | * | any |
| cisco | n9k-c9364c | * | any |
| cisco | n9k-c9364c-gx | * | any |
| cisco | n9k-c9364d-gx2a | * | any |
| cisco | n9k-c9372px | * | any |
| cisco | n9k-c9372px-e | * | any |
| cisco | n9k-c9372tx | * | any |
| cisco | n9k-c9372tx-e | * | any |
| cisco | n9k-c9396px | * | any |
| cisco | n9k-c9396tx | * | any |
| cisco | n9k-c9504 | * | any |
| cisco | n9k-c9504-fm-r | * | any |
| cisco | n9k-c9508 | * | any |
| cisco | n9k-c9508-fm-r | * | any |
| cisco | n9k-c9516 | * | any |
| cisco | n9k-sc-a | * | any |
| cisco | n9k-sup-a | * | any |
| cisco | n9k-sup-a\+ | * | any |
| cisco | n9k-sup-b | * | any |
| cisco | n9k-sup-b\+ | * | any |
| cisco | n9k-x9400-16w | * | any |
| cisco | n9k-x9400-22l | * | any |
| cisco | n9k-x9400-8d | * | any |
| cisco | n9k-x9432c-s | * | any |
| cisco | n9k-x9464px | * | any |
| cisco | n9k-x9464tx2 | * | any |
| cisco | n9k-x9564px | * | any |
| cisco | n9k-x9564tx | * | any |
| cisco | n9k-x96136yc-r | * | any |
| cisco | n9k-x9636c-r | * | any |
| cisco | n9k-x9636c-rx | * | any |
| cisco | n9k-x9636q-r | * | any |
| cisco | n9k-x97160yc-ex | * | any |
| cisco | n9k-x97284yc-fx | * | any |
| cisco | n9k-x9732c-ex | * | any |
| cisco | n9k-x9732c-fx | * | any |
| cisco | n9k-x9736c-ex | * | any |
| cisco | n9k-x9736c-fx | * | any |
| cisco | n9k-x9788tc-fx | * | any |
| cisco | nexus_3000 | * | any |
| cisco | nexus_3000_series | * | any |
| cisco | nexus_3016 | * | any |
| cisco | nexus_3016q | * | any |
| cisco | nexus_3048 | * | any |
| cisco | nexus_3064 | * | any |
| cisco | nexus_3064-32t | * | any |
| cisco | nexus_3064-t | * | any |
| cisco | nexus_3064-x | * | any |
| cisco | nexus_3064t | * | any |
| cisco | nexus_3064x | * | any |
| cisco | nexus_3100 | * | any |
| cisco | nexus_3100-v | * | any |
| cisco | nexus_3100-z | * | any |
| cisco | nexus_3100v | * | any |
| cisco | nexus_31108pc-v | * | any |
| cisco | nexus_31108pv-v | * | any |
| cisco | nexus_31108tc-v | * | any |
| cisco | nexus_31128pq | * | any |
| cisco | nexus_3132c-z | * | any |
| cisco | nexus_3132q | * | any |
| cisco | nexus_3132q-v | * | any |
| cisco | nexus_3132q-x | * | any |
| cisco | nexus_3132q-x\/3132q-xl | * | any |
| cisco | nexus_3132q-xl | * | any |
| cisco | nexus_3164q | * | any |
| cisco | nexus_3172 | * | any |
| cisco | nexus_3172pq | * | any |
| cisco | nexus_3172pq-xl | * | any |
| cisco | nexus_3172pq\/pq-xl | * | any |
| cisco | nexus_3172tq | * | any |
| cisco | nexus_3172tq-32t | * | any |
| cisco | nexus_3172tq-xl | * | any |
| cisco | nexus_3200 | * | any |
| cisco | nexus_3232 | * | any |
| cisco | nexus_3232c | * | any |
| cisco | nexus_3232c_ | * | any |
| cisco | nexus_3264c-e | * | any |
| cisco | nexus_3264q | * | any |
| cisco | nexus_3400 | * | any |
| cisco | nexus_3408-s | * | any |
| cisco | nexus_34180yc | * | any |
| cisco | nexus_34200yc-sm | * | any |
| cisco | nexus_3432d-s | * | any |
| cisco | nexus_3464c | * | any |
| cisco | nexus_3500 | * | any |
| cisco | nexus_3500_platform | * | any |
| cisco | nexus_3524 | * | any |
| cisco | nexus_3524-x | * | any |
| cisco | nexus_3524-x\/xl | * | any |
| cisco | nexus_3524-xl | * | any |
| cisco | nexus_3548 | * | any |
| cisco | nexus_3548-x | * | any |
| cisco | nexus_3548-x\/xl | * | any |
| cisco | nexus_3548-xl | * | any |
| cisco | nexus_3600 | * | any |
| cisco | nexus_36180yc-r | * | any |
| cisco | nexus_3636c-r | * | any |
| cisco | nexus_9000 | * | any |
| cisco | nexus_9000_in_aci_mode | * | any |
| cisco | nexus_9000_in_standalone | * | any |
| cisco | nexus_9000_in_standalone_nx-os_mode | * | any |
| cisco | nexus_9000v | * | any |
| cisco | nexus_9200 | * | any |
| cisco | nexus_9200yc | * | any |
| cisco | nexus_92160yc-x | * | any |
| cisco | nexus_92160yc_switch | * | any |
| cisco | nexus_9221c | * | any |
| cisco | nexus_92300yc | * | any |
| cisco | nexus_92300yc_switch | * | any |
| cisco | nexus_92304qc | * | any |
| cisco | nexus_92304qc_switch | * | any |
| cisco | nexus_9232e | * | any |
| cisco | nexus_92348gc-x | * | any |
| cisco | nexus_9236c | * | any |
| cisco | nexus_9236c_switch | * | any |
| cisco | nexus_9272q | * | any |
| cisco | nexus_9272q_switch | * | any |
| cisco | nexus_9300 | * | any |
| cisco | nexus_93108tc-ex | * | any |
| cisco | nexus_93108tc-ex-24 | * | any |
| cisco | nexus_93108tc-ex_switch | * | any |
| cisco | nexus_93108tc-fx | * | any |
| cisco | nexus_93108tc-fx-24 | * | any |
| cisco | nexus_93108tc-fx3 | * | any |
| cisco | nexus_93108tc-fx3h | * | any |
| cisco | nexus_93108tc-fx3p | * | any |
| cisco | nexus_93120tx | * | any |
| cisco | nexus_93120tx_switch | * | any |
| cisco | nexus_93128 | * | any |
| cisco | nexus_93128tx | * | any |
| cisco | nexus_93128tx_switch | * | any |
| cisco | nexus_9316d-gx | * | any |
| cisco | nexus_93180lc-ex | * | any |
| cisco | nexus_93180lc-ex_switch | * | any |
| cisco | nexus_93180tc-ex | * | any |
| cisco | nexus_93180yc-ex | * | any |
| cisco | nexus_93180yc-ex-24 | * | any |
| cisco | nexus_93180yc-ex_switch | * | any |
| cisco | nexus_93180yc-fx | * | any |
| cisco | nexus_93180yc-fx-24 | * | any |
| cisco | nexus_93180yc-fx3 | * | any |
| cisco | nexus_93180yc-fx3h | * | any |
| cisco | nexus_93180yc-fx3s | * | any |
| cisco | nexus_93216tc-fx2 | * | any |
| cisco | nexus_93240tc-fx2 | * | any |
| cisco | nexus_93240yc-fx2 | * | any |
| cisco | nexus_9332c | * | any |
| cisco | nexus_9332d-gx2b | * | any |
| cisco | nexus_9332d-h2r | * | any |
| cisco | nexus_9332pq | * | any |
| cisco | nexus_9332pq_switch | * | any |
| cisco | nexus_93360yc-fx2 | * | any |
| cisco | nexus_9336c-fx2 | * | any |
| cisco | nexus_9336c-fx2-e | * | any |
| cisco | nexus_9336pq | * | any |
| cisco | nexus_9336pq_aci | * | any |
| cisco | nexus_9336pq_aci_spine | * | any |
| cisco | nexus_9336pq_aci_spine_switch | * | any |
| cisco | nexus_93400ld-h1 | * | any |
| cisco | nexus_9348d-gx2a | * | any |
| cisco | nexus_9348gc-fx3 | * | any |
| cisco | nexus_9348gc-fx3ph | * | any |
| cisco | nexus_9348gc-fxp | * | any |
| cisco | nexus_93600cd-gx | * | any |
| cisco | nexus_9364c | * | any |
| cisco | nexus_9364c-gx | * | any |
| cisco | nexus_9364c-h1 | * | any |
| cisco | nexus_9364d-gx2a | * | any |
| cisco | nexus_9372px | * | any |
| cisco | nexus_9372px-e | * | any |
| cisco | nexus_9372px-e_switch | * | any |
| cisco | nexus_9372px_switch | * | any |
| cisco | nexus_9372tx | * | any |
| cisco | nexus_9372tx-e | * | any |
| cisco | nexus_9372tx-e_switch | * | any |
| cisco | nexus_9372tx_switch | * | any |
| cisco | nexus_9396px | * | any |
| cisco | nexus_9396px_switch | * | any |
| cisco | nexus_9396tx | * | any |
| cisco | nexus_9396tx_switch | * | any |
| cisco | nexus_9408 | * | any |
| cisco | nexus_9432pq | * | any |
| cisco | nexus_9500 | * | any |
| cisco | nexus_9500_16-slot | * | any |
| cisco | nexus_9500_4-slot | * | any |
| cisco | nexus_9500_8-slot | * | any |
| cisco | nexus_9500_supervisor_a | * | any |
| cisco | nexus_9500_supervisor_a\+ | * | any |
| cisco | nexus_9500_supervisor_b | * | any |
| cisco | nexus_9500_supervisor_b\+ | * | any |
| cisco | nexus_9500r | * | any |
| cisco | nexus_9504 | * | any |
| cisco | nexus_9504_switch | * | any |
| cisco | nexus_9508 | * | any |
| cisco | nexus_9508_switch | * | any |
| cisco | nexus_9516 | * | any |
| cisco | nexus_9516_switch | * | any |
| cisco | nexus_9536pq | * | any |
| cisco | nexus_9636pq | * | any |
| cisco | nexus_9716d-gx | * | any |
| cisco | nexus_9736pq | * | any |
| cisco | nexus_9800 | * | any |
| cisco | nexus_9800_34-port_100g_and_14-port_400g_line_card | * | any |
| cisco | nexus_9800_36-port_400g_line_card | * | any |
| cisco | nexus_9804 | * | any |
| cisco | nexus_9808 | * | any |
References 2
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du
- cisco.com https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.