Action not permitted
Modal body text goes here.
ghsa-2hfc-mfgr-3gpf
Vulnerability from github
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.
The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.
{ "affected": [], "aliases": [ "CVE-2024-20285" ], "database_specific": { "cwe_ids": [ "CWE-653" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-08-28T17:15:07Z", "severity": "MODERATE" }, "details": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\n\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\u0026nbsp;\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.", "id": "GHSA-2hfc-mfgr-3gpf", "modified": "2024-08-28T18:31:54Z", "published": "2024-08-28T18:31:54Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20285" }, { "type": "WEB", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du" }, { "type": "WEB", "url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" } ] }
cve-2024-20285
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20285", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T17:19:39.299396Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T17:19:57.207Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "7.3(6)N1(1a)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "7.3(6)N1(1)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.3(4)N1(1)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "6.2(17a)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.1(4)N1(1c)" }, { "status": "affected", "version": "7.0(3)IM3(1)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3y)" }, { "status": "affected", "version": "7.0(3)I4(1t)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "7.0(3)I7(6z)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "7.0(3)I7(3z)" }, { "status": "affected", "version": "7.0(3)IM7(2)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "7.0(3)IM3(2)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "7.3(2)N1(1c)" }, { "status": "affected", "version": "7.0(3)I5(3b)" }, { "status": "affected", "version": "7.3(5)N1(1)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "7.3(2)N1(1b)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "7.3(1)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "7.1(4)N1(1a)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "7.1(3)N1(4)" }, { "status": "affected", "version": "7.0(3)IM3(2a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "7.0(3)IC4(4)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "7.3(4)N1(1a)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(3)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "7.0(3)IM3(2b)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "7.0(3)I5(3)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "7.3(0)N1(1b)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "7.1(4)N1(1d)" }, { "status": "affected", "version": "7.3(2)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "7.1(1)N1(1a)" }, { "status": "affected", "version": "7.0(3)IM3(3)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "7.1(3)N1(2a)" }, { "status": "affected", "version": "7.3(0)N1(1a)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "7.1(3)N1(5)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "9.3(1z)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.3(3)N1(1)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "7.0(3)I4(6t)" }, { "status": "affected", "version": "7.0(3)I5(3a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "7.1(2)N1(1a)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)IA7(2)" }, { "status": "affected", "version": "7.0(3)IA7(1)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "7.3(7)N1(1)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "6.0(2)U6(10a)" }, { "status": "affected", "version": "7.3(7)N1(1a)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "7.3(8)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.3(7)N1(1b)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "9.3(5w)" }, { "status": "affected", "version": "7.3(9)N1(1)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7k)" }, { "status": "affected", "version": "7.0(3)I7(9w)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "7.3(8)N1(1a)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "7.3(10)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.3(8)N1(1b)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "7.3(11)N1(1)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "7.3(11)N1(1a)" }, { "status": "affected", "version": "10.2(2a)" }, { "status": "affected", "version": "7.3(12)N1(1)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "7.3(13)N1(1)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "9.4(1)" }, { "status": "affected", "version": "9.3(2a)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.4(1)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "7.3(14)N1(1)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(3w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(3o)" }, { "status": "affected", "version": "10.3(4)" }, { "status": "affected", "version": "10.3(3p)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "9.4(1a)" }, { "status": "affected", "version": "10.4(2)" }, { "status": "affected", "version": "10.3(3q)" }, { "status": "affected", "version": "9.3(13)" }, { "status": "affected", "version": "10.3(5)" }, { "status": "affected", "version": "10.2(7)" }, { "status": "affected", "version": "10.4(3)" }, { "status": "affected", "version": "10.3(3x)" }, { "status": "affected", "version": "10.3(4g)" }, { "status": "affected", "version": "10.3(3r)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\u0026nbsp;\r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-653", "description": "Insufficient Compartmentalization", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:37:27.149Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-psbe-ce-YvbTn5du", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du" }, { "name": "Cisco NX-OS Security with Python", "url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410" } ], "source": { "advisory": "cisco-sa-nxos-psbe-ce-YvbTn5du", "defects": [ "CSCwh77780" ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Python Parser Escape Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20285", "datePublished": "2024-08-28T16:37:27.149Z", "dateReserved": "2023-11-08T15:08:07.626Z", "dateUpdated": "2024-08-28T17:19:57.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.