CVE-2024-20284: Cisco NX-OS Software Python Parser Escape Vulnerability
First published: Wed Aug 28 2024(Updated: )
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Cisco Nx-os | =9.3\(13\) | |
| Any of | ||
| Cisco N9k-c92160yc-x | ||
| Cisco N9k-c92300yc | ||
| Cisco N9k-c92304qc | ||
| Cisco N9k-c9232c | ||
| Cisco N9k-c92348gc-x | ||
| Cisco N9k-c9236c | ||
| Cisco N9k-c9272q | ||
| Cisco N9k-c93108tc-ex | ||
| Cisco N9k-c93108tc-fx | ||
| Cisco N9k-c93120tx | ||
| Cisco N9k-c93128tx | ||
| Cisco N9k-c9316d-gx | ||
| Cisco N9k-c93180lc-ex | ||
| Cisco N9k-c93180yc-ex | ||
| Cisco N9k-c93180yc-fx | ||
| Cisco N9k-c93180yc2-fx | ||
| Cisco N9k-c93216tc-fx2 | ||
| Cisco N9k-c93240yc-fx2 | ||
| Cisco N9k-c9332c | ||
| Cisco N9k-c9332d-gx2b | ||
| Cisco N9k-c9332pq | ||
| Cisco N9k-c93360yc-fx2 | ||
| Cisco N9k-c9336c-fx2 | ||
| Cisco N9k-c9348d-gx2a | ||
| Cisco N9k-c9348gc-fxp | ||
| Cisco N9k-c93600cd-gx | ||
| Cisco N9k-c9364c | ||
| Cisco N9k-c9364c-gx | ||
| Cisco N9k-c9364d-gx2a | ||
| Cisco N9k-c9372px | ||
| Cisco N9k-c9372px-e | ||
| Cisco N9k-c9372tx | ||
| Cisco N9k-c9372tx-e | ||
| Cisco N9k-c9396px | ||
| Cisco N9k-c9396tx | ||
| Cisco N9k-c9504 | ||
| Cisco N9k-c9504-fm-r | ||
| Cisco N9k-c9508 | ||
| Cisco N9k-c9508-fm-r | ||
| Cisco N9k-c9516 | ||
| Cisco N9k-sc-a | ||
| Cisco N9k-sup-a | ||
| Cisco N9k-sup-a\+ | ||
| Cisco N9k-sup-b | ||
| Cisco N9k-sup-b\+ | ||
| Cisco N9k-x9400-16w | ||
| Cisco N9k-x9400-22l | ||
| Cisco N9k-x9400-8d | ||
| Cisco N9k-x9432c-s | ||
| Cisco N9k-x9464px | ||
| Cisco N9k-x9464tx2 | ||
| Cisco N9k-x9564px | ||
| Cisco N9k-x9564tx | ||
| Cisco N9k-x96136yc-r | ||
| Cisco N9k-x9636c-r | ||
| Cisco N9k-x9636c-rx | ||
| Cisco N9k-x9636q-r | ||
| Cisco N9k-x97160yc-ex | ||
| Cisco N9k-x97284yc-fx | ||
| Cisco N9k-x9732c-ex | ||
| Cisco N9k-x9732c-fx | ||
| Cisco N9k-x9736c-ex | ||
| Cisco N9k-x9736c-fx | ||
| Cisco N9k-x9788tc-fx | ||
| Cisco Nexus 3000 | ||
| Cisco Nexus 3000 Series | ||
| Cisco Nexus 3016 | ||
| Cisco Nexus 3016q | ||
| Cisco Nexus 3048 | ||
| Cisco Nexus 3064 | ||
| Cisco Nexus 3064-32t | ||
| Cisco Nexus 3064-t | ||
| Cisco Nexus 3064-x | ||
| Cisco Nexus 3064t | ||
| Cisco Nexus 3064x | ||
| Cisco Nexus 3100 | ||
| Cisco Nexus 3100-v | ||
| Cisco Nexus 3100-z | ||
| Cisco Nexus 3100v | ||
| Cisco Nexus 31108pc-v | ||
| Cisco Nexus 31108pv-v | ||
| Cisco Nexus 31108tc-v | ||
| Cisco Nexus 31128pq | ||
| Cisco Nexus 3132c-z | ||
| Cisco Nexus 3132q | ||
| Cisco Nexus 3132q-v | ||
| Cisco Nexus 3132q-x | ||
| Cisco Nexus 3132q-x\/3132q-xl | ||
| Cisco Nexus 3132q-xl | ||
| Cisco Nexus 3164q | ||
| Cisco Nexus 3172 | ||
| Cisco Nexus 3172pq | ||
| Cisco Nexus 3172pq-xl | ||
| Cisco Nexus 3172pq\/pq-xl | ||
| Cisco Nexus 3172tq | ||
| Cisco Nexus 3172tq-32t | ||
| Cisco Nexus 3172tq-xl | ||
| Cisco Nexus 3200 | ||
| Cisco Nexus 3232 | ||
| Cisco Nexus 3232c | ||
| Cisco Nexus 3232c | ||
| Cisco Nexus 3264c-e | ||
| Cisco Nexus 3264q | ||
| Cisco Nexus 3400 | ||
| Cisco Nexus 3408-s | ||
| Cisco Nexus 34180yc | ||
| Cisco Nexus 34200yc-sm | ||
| Cisco Nexus 3432d-s | ||
| Cisco Nexus 3464c | ||
| Cisco Nexus 3500 | ||
| Cisco Nexus 3500 Platform | ||
| Cisco Nexus 3524 | ||
| Cisco Nexus 3524-x | ||
| Cisco Nexus 3524-x\/xl | ||
| Cisco Nexus 3524-xl | ||
| Cisco Nexus 3548 | ||
| Cisco Nexus 3548-x | ||
| Cisco Nexus 3548-x\/xl | ||
| Cisco Nexus 3548-xl | ||
| Cisco Nexus 3600 | ||
| Cisco Nexus 36180yc-r | ||
| Cisco Nexus 3636c-r | ||
| Cisco Nexus 9000 | ||
| Cisco Nexus 9000 In Aci Mode | ||
| Cisco Nexus 9000 In Standalone | ||
| Cisco Nexus 9000 In Standalone Nx-os Mode | ||
| Cisco Nexus 9000v | ||
| Cisco Nexus 9200 | ||
| Cisco Nexus 9200yc | ||
| Cisco Nexus 92160yc-x | ||
| Cisco Nexus 92160yc Switch | ||
| Cisco Nexus 9221c | ||
| Cisco Nexus 92300yc | ||
| Cisco Nexus 92300yc Switch | ||
| Cisco Nexus 92304qc | ||
| Cisco Nexus 92304qc Switch | ||
| Cisco Nexus 9232e | ||
| Cisco Nexus 92348gc-x | ||
| Cisco Nexus 9236c | ||
| Cisco Nexus 9236c Switch | ||
| Cisco Nexus 9272q | ||
| Cisco Nexus 9272q Switch | ||
| Cisco Nexus 9300 | ||
| Cisco Nexus 93108tc-ex | ||
| Cisco Nexus 93108tc-ex-24 | ||
| Cisco Nexus 93108tc-ex Switch | ||
| Cisco Nexus 93108tc-fx | ||
| Cisco Nexus 93108tc-fx-24 | ||
| Cisco Nexus 93108tc-fx3 | ||
| Cisco Nexus 93108tc-fx3h | ||
| Cisco Nexus 93108tc-fx3p | ||
| Cisco Nexus 93120tx | ||
| Cisco Nexus 93120tx Switch | ||
| Cisco Nexus 93128 | ||
| Cisco Nexus 93128tx | ||
| Cisco Nexus 93128tx Switch | ||
| Cisco Nexus 9316d-gx | ||
| Cisco Nexus 93180lc-ex | ||
| Cisco Nexus 93180lc-ex Switch | ||
| Cisco Nexus 93180tc-ex | ||
| Cisco Nexus 93180yc-ex | ||
| Cisco Nexus 93180yc-ex-24 | ||
| Cisco Nexus 93180yc-ex Switch | ||
| Cisco Nexus 93180yc-fx | ||
| Cisco Nexus 93180yc-fx-24 | ||
| Cisco Nexus 93180yc-fx3 | ||
| Cisco Nexus 93180yc-fx3h | ||
| Cisco Nexus 93180yc-fx3s | ||
| Cisco Nexus 93216tc-fx2 | ||
| Cisco Nexus 93240tc-fx2 | ||
| Cisco Nexus 93240yc-fx2 | ||
| Cisco Nexus 9332c | ||
| Cisco Nexus 9332d-gx2b | ||
| Cisco Nexus 9332d-h2r | ||
| Cisco Nexus 9332pq | ||
| Cisco Nexus 9332pq Switch | ||
| Cisco Nexus 93360yc-fx2 | ||
| Cisco Nexus 9336c-fx2 | ||
| Cisco Nexus 9336c-fx2-e | ||
| Cisco Nexus 9336pq | ||
| Cisco Nexus 9336pq Aci | ||
| Cisco Nexus 9336pq Aci Spine | ||
| Cisco Nexus 9336pq Aci Spine Switch | ||
| Cisco Nexus 93400ld-h1 | ||
| Cisco Nexus 9348d-gx2a | ||
| Cisco Nexus 9348gc-fx3 | ||
| Cisco Nexus 9348gc-fx3ph | ||
| Cisco Nexus 9348gc-fxp | ||
| Cisco Nexus 93600cd-gx | ||
| Cisco Nexus 9364c | ||
| Cisco Nexus 9364c-gx | ||
| Cisco Nexus 9364c-h1 | ||
| Cisco Nexus 9364d-gx2a | ||
| Cisco Nexus 9372px | ||
| Cisco Nexus 9372px-e | ||
| Cisco Nexus 9372px-e Switch | ||
| Cisco Nexus 9372px Switch | ||
| Cisco Nexus 9372tx | ||
| Cisco Nexus 9372tx-e | ||
| Cisco Nexus 9372tx-e Switch | ||
| Cisco Nexus 9372tx Switch | ||
| Cisco Nexus 9396px | ||
| Cisco Nexus 9396px Switch | ||
| Cisco Nexus 9396tx | ||
| Cisco Nexus 9396tx Switch | ||
| Cisco Nexus 9408 | ||
| Cisco Nexus 9432pq | ||
| Cisco Nexus 9500 | ||
| Cisco Nexus 9500 16-slot | ||
| Cisco Nexus 9500 4-slot | ||
| Cisco Nexus 9500 8-slot | ||
| Cisco Nexus 9500 Supervisor A | ||
| Cisco Nexus 9500 Supervisor A\+ | ||
| Cisco Nexus 9500 Supervisor B | ||
| Cisco Nexus 9500 Supervisor B\+ | ||
| Cisco Nexus 9500r | ||
| Cisco Nexus 9504 | ||
| Cisco Nexus 9504 Switch | ||
| Cisco Nexus 9508 | ||
| Cisco Nexus 9508 Switch | ||
| Cisco Nexus 9516 | ||
| Cisco Nexus 9516 Switch | ||
| Cisco Nexus 9536pq | ||
| Cisco Nexus 9636pq | ||
| Cisco Nexus 9716d-gx | ||
| Cisco Nexus 9736pq | ||
| Cisco Nexus 9800 | ||
| Cisco Nexus 9800 34-port 100g And 14-port 400g Line Card | ||
| Cisco Nexus 9800 36-port 400g Line Card | ||
| Cisco Nexus 9804 | ||
| Cisco Nexus 9808 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du
- https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/9.3\(13\)
- canonical/cisco n9k-c92160yc-x
- canonical/cisco n9k-c92300yc
- canonical/cisco n9k-c92304qc
- canonical/cisco n9k-c9232c
- canonical/cisco n9k-c92348gc-x
- canonical/cisco n9k-c9236c
- canonical/cisco n9k-c9272q
- canonical/cisco n9k-c93108tc-ex
- canonical/cisco n9k-c93108tc-fx
- canonical/cisco n9k-c93120tx
- canonical/cisco n9k-c93128tx
- canonical/cisco n9k-c9316d-gx
- canonical/cisco n9k-c93180lc-ex
- canonical/cisco n9k-c93180yc-ex
- canonical/cisco n9k-c93180yc-fx
- canonical/cisco n9k-c93180yc2-fx
- canonical/cisco n9k-c93216tc-fx2
- canonical/cisco n9k-c93240yc-fx2
- canonical/cisco n9k-c9332c
- canonical/cisco n9k-c9332d-gx2b
- canonical/cisco n9k-c9332pq
- canonical/cisco n9k-c93360yc-fx2
- canonical/cisco n9k-c9336c-fx2
- canonical/cisco n9k-c9348d-gx2a
- canonical/cisco n9k-c9348gc-fxp
- canonical/cisco n9k-c93600cd-gx
- canonical/cisco n9k-c9364c
- canonical/cisco n9k-c9364c-gx
- canonical/cisco n9k-c9364d-gx2a
- canonical/cisco n9k-c9372px
- canonical/cisco n9k-c9372px-e
- canonical/cisco n9k-c9372tx
- canonical/cisco n9k-c9372tx-e
- canonical/cisco n9k-c9396px
- canonical/cisco n9k-c9396tx
- canonical/cisco n9k-c9504
- canonical/cisco n9k-c9504-fm-r
- canonical/cisco n9k-c9508
- canonical/cisco n9k-c9508-fm-r
- canonical/cisco n9k-c9516
- canonical/cisco n9k-sc-a
- canonical/cisco n9k-sup-a
- canonical/cisco n9k-sup-a\+
- canonical/cisco n9k-sup-b
- canonical/cisco n9k-sup-b\+
- canonical/cisco n9k-x9400-16w
- canonical/cisco n9k-x9400-22l
- canonical/cisco n9k-x9400-8d
- canonical/cisco n9k-x9432c-s
- canonical/cisco n9k-x9464px
- canonical/cisco n9k-x9464tx2
- canonical/cisco n9k-x9564px
- canonical/cisco n9k-x9564tx
- canonical/cisco n9k-x96136yc-r
- canonical/cisco n9k-x9636c-r
- canonical/cisco n9k-x9636c-rx
- canonical/cisco n9k-x9636q-r
- canonical/cisco n9k-x97160yc-ex
- canonical/cisco n9k-x97284yc-fx
- canonical/cisco n9k-x9732c-ex
- canonical/cisco n9k-x9732c-fx
- canonical/cisco n9k-x9736c-ex
- canonical/cisco n9k-x9736c-fx
- canonical/cisco n9k-x9788tc-fx
- canonical/cisco nexus 3000
- canonical/cisco nexus 3000 series
- canonical/cisco nexus 3016
- canonical/cisco nexus 3016q
- canonical/cisco nexus 3048
- canonical/cisco nexus 3064
- canonical/cisco nexus 3064-32t
- canonical/cisco nexus 3064-t
- canonical/cisco nexus 3064-x
- canonical/cisco nexus 3064t
- canonical/cisco nexus 3064x
- canonical/cisco nexus 3100
- canonical/cisco nexus 3100-v
- canonical/cisco nexus 3100-z
- canonical/cisco nexus 3100v
- canonical/cisco nexus 31108pc-v
- canonical/cisco nexus 31108pv-v
- canonical/cisco nexus 31108tc-v
- canonical/cisco nexus 31128pq
- canonical/cisco nexus 3132c-z
- canonical/cisco nexus 3132q
- canonical/cisco nexus 3132q-v
- canonical/cisco nexus 3132q-x
- canonical/cisco nexus 3132q-x\/3132q-xl
- canonical/cisco nexus 3132q-xl
- canonical/cisco nexus 3164q
- canonical/cisco nexus 3172
- canonical/cisco nexus 3172pq
- canonical/cisco nexus 3172pq-xl
- canonical/cisco nexus 3172pq\/pq-xl
- canonical/cisco nexus 3172tq
- canonical/cisco nexus 3172tq-32t
- canonical/cisco nexus 3172tq-xl
- canonical/cisco nexus 3200
- canonical/cisco nexus 3232
- canonical/cisco nexus 3232c
- canonical/cisco nexus 3264c-e
- canonical/cisco nexus 3264q
- canonical/cisco nexus 3400
- canonical/cisco nexus 3408-s
- canonical/cisco nexus 34180yc
- canonical/cisco nexus 34200yc-sm
- canonical/cisco nexus 3432d-s
- canonical/cisco nexus 3464c
- canonical/cisco nexus 3500
- canonical/cisco nexus 3500 platform
- canonical/cisco nexus 3524
- canonical/cisco nexus 3524-x
- canonical/cisco nexus 3524-x\/xl
- canonical/cisco nexus 3524-xl
- canonical/cisco nexus 3548
- canonical/cisco nexus 3548-x
- canonical/cisco nexus 3548-x\/xl
- canonical/cisco nexus 3548-xl
- canonical/cisco nexus 3600
- canonical/cisco nexus 36180yc-r
- canonical/cisco nexus 3636c-r
- canonical/cisco nexus 9000
- canonical/cisco nexus 9000 in aci mode
- canonical/cisco nexus 9000 in standalone
- canonical/cisco nexus 9000 in standalone nx-os mode
- canonical/cisco nexus 9000v
- canonical/cisco nexus 9200
- canonical/cisco nexus 9200yc
- canonical/cisco nexus 92160yc-x
- canonical/cisco nexus 92160yc switch
- canonical/cisco nexus 9221c
- canonical/cisco nexus 92300yc
- canonical/cisco nexus 92300yc switch
- canonical/cisco nexus 92304qc
- canonical/cisco nexus 92304qc switch
- canonical/cisco nexus 9232e
- canonical/cisco nexus 92348gc-x
- canonical/cisco nexus 9236c
- canonical/cisco nexus 9236c switch
- canonical/cisco nexus 9272q
- canonical/cisco nexus 9272q switch
- canonical/cisco nexus 9300
- canonical/cisco nexus 93108tc-ex
- canonical/cisco nexus 93108tc-ex-24
- canonical/cisco nexus 93108tc-ex switch
- canonical/cisco nexus 93108tc-fx
- canonical/cisco nexus 93108tc-fx-24
- canonical/cisco nexus 93108tc-fx3
- canonical/cisco nexus 93108tc-fx3h
- canonical/cisco nexus 93108tc-fx3p
- canonical/cisco nexus 93120tx
- canonical/cisco nexus 93120tx switch
- canonical/cisco nexus 93128
- canonical/cisco nexus 93128tx
- canonical/cisco nexus 93128tx switch
- canonical/cisco nexus 9316d-gx
- canonical/cisco nexus 93180lc-ex
- canonical/cisco nexus 93180lc-ex switch
- canonical/cisco nexus 93180tc-ex
- canonical/cisco nexus 93180yc-ex
- canonical/cisco nexus 93180yc-ex-24
- canonical/cisco nexus 93180yc-ex switch
- canonical/cisco nexus 93180yc-fx
- canonical/cisco nexus 93180yc-fx-24
- canonical/cisco nexus 93180yc-fx3
- canonical/cisco nexus 93180yc-fx3h
- canonical/cisco nexus 93180yc-fx3s
- canonical/cisco nexus 93216tc-fx2
- canonical/cisco nexus 93240tc-fx2
- canonical/cisco nexus 93240yc-fx2
- canonical/cisco nexus 9332c
- canonical/cisco nexus 9332d-gx2b
- canonical/cisco nexus 9332d-h2r
- canonical/cisco nexus 9332pq
- canonical/cisco nexus 9332pq switch
- canonical/cisco nexus 93360yc-fx2
- canonical/cisco nexus 9336c-fx2
- canonical/cisco nexus 9336c-fx2-e
- canonical/cisco nexus 9336pq
- canonical/cisco nexus 9336pq aci
- canonical/cisco nexus 9336pq aci spine
- canonical/cisco nexus 9336pq aci spine switch
- canonical/cisco nexus 93400ld-h1
- canonical/cisco nexus 9348d-gx2a
- canonical/cisco nexus 9348gc-fx3
- canonical/cisco nexus 9348gc-fx3ph
- canonical/cisco nexus 9348gc-fxp
- canonical/cisco nexus 93600cd-gx
- canonical/cisco nexus 9364c
- canonical/cisco nexus 9364c-gx
- canonical/cisco nexus 9364c-h1
- canonical/cisco nexus 9364d-gx2a
- canonical/cisco nexus 9372px
- canonical/cisco nexus 9372px-e
- canonical/cisco nexus 9372px-e switch
- canonical/cisco nexus 9372px switch
- canonical/cisco nexus 9372tx
- canonical/cisco nexus 9372tx-e
- canonical/cisco nexus 9372tx-e switch
- canonical/cisco nexus 9372tx switch
- canonical/cisco nexus 9396px
- canonical/cisco nexus 9396px switch
- canonical/cisco nexus 9396tx
- canonical/cisco nexus 9396tx switch
- canonical/cisco nexus 9408
- canonical/cisco nexus 9432pq
- canonical/cisco nexus 9500
- canonical/cisco nexus 9500 16-slot
- canonical/cisco nexus 9500 4-slot
- canonical/cisco nexus 9500 8-slot
- canonical/cisco nexus 9500 supervisor a
- canonical/cisco nexus 9500 supervisor a\+
- canonical/cisco nexus 9500 supervisor b
- canonical/cisco nexus 9500 supervisor b\+
- canonical/cisco nexus 9500r
- canonical/cisco nexus 9504
- canonical/cisco nexus 9504 switch
- canonical/cisco nexus 9508
- canonical/cisco nexus 9508 switch
- canonical/cisco nexus 9516
- canonical/cisco nexus 9516 switch
- canonical/cisco nexus 9536pq
- canonical/cisco nexus 9636pq
- canonical/cisco nexus 9716d-gx
- canonical/cisco nexus 9736pq
- canonical/cisco nexus 9800
- canonical/cisco nexus 9800 34-port 100g and 14-port 400g line card
- canonical/cisco nexus 9800 36-port 400g line card
- canonical/cisco nexus 9804
- canonical/cisco nexus 9808