
CVE-2024-20285

MEDIUM
Published 2024-08-28T16:37:27.149Z

CVSS Score

V3.1
5.3
/10
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

EPSS model version: v2025.03.14
Probability of exploitation in the wild: 0.000

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.106
Higher than 10.6% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
LOW

Description

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. 
Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Affected Versions:

7.3(6)N1(1a) 8.4(2) 7.3(6)N1(1) 9.2(3) 7.0(3)I5(2) 8.2(1) 6.0(2)A8(7a) 7.0(3)I4(5) 6.0(2)A6(1) 7.3(1)D1(1) 7.0(3)I4(6) 7.3(4)N1(1) 7.0(3)I4(3) 9.2(2v) 6.0(2)A6(5b) 7.3(0)D1(1) 6.2(17a) 7.0(3)I4(7) 6.0(2)U6(1a) 7.1(5)N1(1b) 7.0(3)I4(1) 7.0(3)I4(8) 7.0(3)I4(2) 7.1(4)N1(1c) 7.0(3)IM3(1) 6.0(2)U6(5a) 6.0(2)A8(11) 6.0(2)A6(4a) 6.2(9) 6.2(5) 9.2(1) 9.2(2t) 9.2(3y) 7.0(3)I4(1t) 6.0(2)U6(5c) 6.0(2)A6(4) 7.0(3)I7(6z) 9.3(2) 7.3(1)DY(1) 7.0(3)F3(3) 6.0(2)U6(6) 6.2(29) 7.0(3)I7(3z) 7.0(3)IM7(2) 6.0(2)A8(11b) 6.2(9a) 7.3(0)N1(1) 7.0(3)I7(5a) 6.2(11d) 7.0(3)I6(1) 6.0(2)U6(10) 7.0(3)IM3(2) 6.0(2)A6(8) 6.0(2)U6(1) 7.3(2)N1(1c) 7.0(3)I5(3b) 7.3(5)N1(1) 6.0(2)A6(2a) 7.3(2)N1(1b) 6.2(27) 7.3(1)N1(1) 6.0(2)U6(7) 9.2(4) 7.1(4)N1(1a) 8.1(1) 7.1(3)N1(4) 7.0(3)IM3(2a) 6.0(2)A8(10) 7.1(3)N1(2) 8.2(2) 6.2(13) 6.0(2)A8(2) 7.0(3)IC4(4) 6.2(1) 8.3(2) 7.3(4)N1(1a) 6.0(2)A6(3) 6.0(2)U6(5b) 7.0(3)F3(3c) 7.0(3)F3(1) 6.0(2)U6(5) 7.0(3)F3(5) 7.1(2)N1(1) 7.1(3)N1(3) 6.0(2)A6(7) 7.0(3)I7(2) 6.2(5a) 6.0(2)A6(5) 7.0(3)IM3(2b) 7.1(3)N1(1) 6.0(2)U6(4a) 7.0(3)I5(3) 7.0(3)I7(3) 6.0(2)A8(6) 7.0(3)I6(2) 8.3(1) 6.2(3) 7.1(1)N1(1) 8.1(1b) 7.3(0)N1(1b) 6.0(2)A8(5) 7.1(4)N1(1d) 7.3(2)N1(1) 6.0(2)U6(8) 7.1(1)N1(1a) 7.0(3)IM3(3) 9.3(1) 6.0(2)U6(2) 6.2(9b) 7.1(3)N1(2a) 7.3(0)N1(1a) 6.0(2)A8(7) 7.0(3)I7(6) 8.4(1) 6.2(25) 6.0(2)U6(3a) 6.0(2)A8(11a) 6.2(11e) 7.1(3)N1(5) 7.0(3)I4(8z) 6.2(11) 7.0(3)I4(9) 6.2(19) 7.1(0)N1(1b) 7.0(3)I7(4) 7.0(3)I7(7) 6.2(5b) 7.3(0)DY(1) 6.0(2)A8(9) 6.0(2)A8(1) 7.1(5)N1(1) 6.2(15) 6.0(2)A6(6) 6.0(2)A8(10a) 7.0(3)I5(1) 9.3(1z) 9.2(2) 6.2(7) 6.2(9c) 7.0(3)F3(4) 7.3(3)N1(1) 7.0(3)I4(8b) 6.0(2)A8(3) 6.2(11b) 7.0(3)I4(6t) 7.0(3)I5(3a) 8.1(1a) 6.2(13a) 6.0(2)A8(8) 7.0(3)I7(5) 7.0(3)F3(3a) 7.1(0)N1(1a) 6.0(2)A8(4) 6.0(2)A6(3a) 6.0(2)A6(5a) 7.0(3)F2(1) 7.0(3)I4(8a) 6.0(2)U6(9) 7.0(3)F3(2) 6.0(2)U6(2a) 6.2(17) 7.0(3)I4(4) 6.2(23) 6.2(13b) 6.0(2)U6(3) 7.1(2)N1(1a) 7.0(3)I7(1) 6.2(21) 7.0(3)F2(2) 7.0(3)IA7(2) 7.0(3)IA7(1) 6.0(2)A8(7b) 6.2(11c) 7.0(3)F1(1) 6.0(2)A6(1a) 7.1(0)N1(1) 6.0(2)A6(2) 
7.1(4)N1(1) 6.0(2)A8(4a) 6.0(2)U6(4) 8.4(1a) 9.3(3) 7.3(7)N1(1) 6.2(31) 7.0(3)I7(8) 6.0(2)U6(10a) 7.3(7)N1(1a) 9.3(4) 6.2(33) 9.3(5) 8.4(2a) 8.4(2b) 7.3(8)N1(1) 7.0(3)I7(9) 7.3(7)N1(1b) 8.5(1) 9.3(6) 10.1(2) 10.1(1) 8.4(2c) 9.3(5w) 7.3(9)N1(1) 9.3(7) 9.3(7k) 7.0(3)I7(9w) 10.2(1) 7.3(8)N1(1a) 9.3(7a) 9.3(8) 8.4(2d) 7.3(10)N1(1) 7.0(3)I7(10) 7.3(8)N1(1b) 10.2(1q) 10.2(2) 9.3(9) 10.1(2t) 7.3(11)N1(1) 10.2(3) 10.2(3t) 8.4(2e) 9.3(10) 7.3(11)N1(1a) 10.2(2a) 7.3(12)N1(1) 9.2(1a) 10.3(1) 10.2(4) 7.3(13)N1(1) 10.3(2) 9.3(11) 10.3(3) 10.2(5) 9.4(1) 9.3(2a) 8.4(2f) 9.3(12) 10.2(3v) 10.4(1) 10.3(99w) 7.3(14)N1(1) 10.2(6) 10.3(3w) 10.3(99x) 10.3(3o) 10.3(4) 10.3(3p) 10.3(4a) 9.4(1a) 10.4(2) 10.3(3q) 9.3(13) 10.3(5) 10.2(7) 10.4(3) 10.3(3x) 10.3(4g) 10.3(3r)

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

Unreviewed, severity MODERATE

GHSA-2hfc-mfgr-3gpf

Advisory Details

The advisory text is identical to the Description above.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Advisory provided by GitHub Security Advisory Database. Published: August 28, 2024, Modified: August 28, 2024

References

Published: 2024-08-28T16:37:27.149Z
Last Modified: 2024-08-28T17:19:57.207Z