8.8
CWE
693
Advisory Published
Updated

CVE-2024-20286: Cisco NX-OS Software Python Parser Escape Vulnerability

First published: Wed Aug 28 2024(Updated: )

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
All of
Cisco Nx-os=9.3\(13\)
Any of
Cisco N9k-c92160yc-x
Cisco N9k-c92300yc
Cisco N9k-c92304qc
Cisco N9k-c9232c
Cisco N9k-c92348gc-x
Cisco N9k-c9236c
Cisco N9k-c9272q
Cisco N9k-c93108tc-ex
Cisco N9k-c93108tc-fx
Cisco N9k-c93120tx
Cisco N9k-c93128tx
Cisco N9k-c9316d-gx
Cisco N9k-c93180lc-ex
Cisco N9k-c93180yc-ex
Cisco N9k-c93180yc-fx
Cisco N9k-c93180yc2-fx
Cisco N9k-c93216tc-fx2
Cisco N9k-c93240yc-fx2
Cisco N9k-c9332c
Cisco N9k-c9332d-gx2b
Cisco N9k-c9332pq
Cisco N9k-c93360yc-fx2
Cisco N9k-c9336c-fx2
Cisco N9k-c9348d-gx2a
Cisco N9k-c9348gc-fxp
Cisco N9k-c93600cd-gx
Cisco N9k-c9364c
Cisco N9k-c9364c-gx
Cisco N9k-c9364d-gx2a
Cisco N9k-c9372px
Cisco N9k-c9372px-e
Cisco N9k-c9372tx
Cisco N9k-c9372tx-e
Cisco N9k-c9396px
Cisco N9k-c9396tx
Cisco N9k-c9504
Cisco N9k-c9504-fm-r
Cisco N9k-c9508
Cisco N9k-c9508-fm-r
Cisco N9k-c9516
Cisco N9k-sc-a
Cisco N9k-sup-a
Cisco N9k-sup-a\+
Cisco N9k-sup-b
Cisco N9k-sup-b\+
Cisco N9k-x9400-16w
Cisco N9k-x9400-22l
Cisco N9k-x9400-8d
Cisco N9k-x9432c-s
Cisco N9k-x9464px
Cisco N9k-x9464tx2
Cisco N9k-x9564px
Cisco N9k-x9564tx
Cisco N9k-x96136yc-r
Cisco N9k-x9636c-r
Cisco N9k-x9636c-rx
Cisco N9k-x9636q-r
Cisco N9k-x97160yc-ex
Cisco N9k-x97284yc-fx
Cisco N9k-x9732c-ex
Cisco N9k-x9732c-fx
Cisco N9k-x9736c-ex
Cisco N9k-x9736c-fx
Cisco N9k-x9788tc-fx
Cisco Nexus 3000
Cisco Nexus 3000 Series
Cisco Nexus 3016
Cisco Nexus 3016q
Cisco Nexus 3048
Cisco Nexus 3064
Cisco Nexus 3064-32t
Cisco Nexus 3064-t
Cisco Nexus 3064-x
Cisco Nexus 3064t
Cisco Nexus 3064x
Cisco Nexus 3100
Cisco Nexus 3100-v
Cisco Nexus 3100-z
Cisco Nexus 3100v
Cisco Nexus 31108pc-v
Cisco Nexus 31108pv-v
Cisco Nexus 31108tc-v
Cisco Nexus 31128pq
Cisco Nexus 3132c-z
Cisco Nexus 3132q
Cisco Nexus 3132q-v
Cisco Nexus 3132q-x
Cisco Nexus 3132q-x\/3132q-xl
Cisco Nexus 3132q-xl
Cisco Nexus 3164q
Cisco Nexus 3172
Cisco Nexus 3172pq
Cisco Nexus 3172pq-xl
Cisco Nexus 3172pq\/pq-xl
Cisco Nexus 3172tq
Cisco Nexus 3172tq-32t
Cisco Nexus 3172tq-xl
Cisco Nexus 3200
Cisco Nexus 3232
Cisco Nexus 3232c
Cisco Nexus 3232c
Cisco Nexus 3264c-e
Cisco Nexus 3264q
Cisco Nexus 3400
Cisco Nexus 3408-s
Cisco Nexus 34180yc
Cisco Nexus 34200yc-sm
Cisco Nexus 3432d-s
Cisco Nexus 3464c
Cisco Nexus 3500
Cisco Nexus 3500 Platform
Cisco Nexus 3524
Cisco Nexus 3524-x
Cisco Nexus 3524-x\/xl
Cisco Nexus 3524-xl
Cisco Nexus 3548
Cisco Nexus 3548-x
Cisco Nexus 3548-x\/xl
Cisco Nexus 3548-xl
Cisco Nexus 3600
Cisco Nexus 36180yc-r
Cisco Nexus 3636c-r
Cisco Nexus 9000
Cisco Nexus 9000 In Aci Mode
Cisco Nexus 9000 In Standalone
Cisco Nexus 9000 In Standalone Nx-os Mode
Cisco Nexus 9000v
Cisco Nexus 9200
Cisco Nexus 9200yc
Cisco Nexus 92160yc-x
Cisco Nexus 92160yc Switch
Cisco Nexus 9221c
Cisco Nexus 92300yc
Cisco Nexus 92300yc Switch
Cisco Nexus 92304qc
Cisco Nexus 92304qc Switch
Cisco Nexus 9232e
Cisco Nexus 92348gc-x
Cisco Nexus 9236c
Cisco Nexus 9236c Switch
Cisco Nexus 9272q
Cisco Nexus 9272q Switch
Cisco Nexus 9300
Cisco Nexus 93108tc-ex
Cisco Nexus 93108tc-ex-24
Cisco Nexus 93108tc-ex Switch
Cisco Nexus 93108tc-fx
Cisco Nexus 93108tc-fx-24
Cisco Nexus 93108tc-fx3
Cisco Nexus 93108tc-fx3h
Cisco Nexus 93108tc-fx3p
Cisco Nexus 93120tx
Cisco Nexus 93120tx Switch
Cisco Nexus 93128
Cisco Nexus 93128tx
Cisco Nexus 93128tx Switch
Cisco Nexus 9316d-gx
Cisco Nexus 93180lc-ex
Cisco Nexus 93180lc-ex Switch
Cisco Nexus 93180tc-ex
Cisco Nexus 93180yc-ex
Cisco Nexus 93180yc-ex-24
Cisco Nexus 93180yc-ex Switch
Cisco Nexus 93180yc-fx
Cisco Nexus 93180yc-fx-24
Cisco Nexus 93180yc-fx3
Cisco Nexus 93180yc-fx3h
Cisco Nexus 93180yc-fx3s
Cisco Nexus 93216tc-fx2
Cisco Nexus 93240tc-fx2
Cisco Nexus 93240yc-fx2
Cisco Nexus 9332c
Cisco Nexus 9332d-gx2b
Cisco Nexus 9332d-h2r
Cisco Nexus 9332pq
Cisco Nexus 9332pq Switch
Cisco Nexus 93360yc-fx2
Cisco Nexus 9336c-fx2
Cisco Nexus 9336c-fx2-e
Cisco Nexus 9336pq
Cisco Nexus 9336pq Aci
Cisco Nexus 9336pq Aci Spine
Cisco Nexus 9336pq Aci Spine Switch
Cisco Nexus 93400ld-h1
Cisco Nexus 9348d-gx2a
Cisco Nexus 9348gc-fx3
Cisco Nexus 9348gc-fx3ph
Cisco Nexus 9348gc-fxp
Cisco Nexus 93600cd-gx
Cisco Nexus 9364c
Cisco Nexus 9364c-gx
Cisco Nexus 9364c-h1
Cisco Nexus 9364d-gx2a
Cisco Nexus 9372px
Cisco Nexus 9372px-e
Cisco Nexus 9372px-e Switch
Cisco Nexus 9372px Switch
Cisco Nexus 9372tx
Cisco Nexus 9372tx-e
Cisco Nexus 9372tx-e Switch
Cisco Nexus 9372tx Switch
Cisco Nexus 9396px
Cisco Nexus 9396px Switch
Cisco Nexus 9396tx
Cisco Nexus 9396tx Switch
Cisco Nexus 9408
Cisco Nexus 9432pq
Cisco Nexus 9500
Cisco Nexus 9500 16-slot
Cisco Nexus 9500 4-slot
Cisco Nexus 9500 8-slot
Cisco Nexus 9500 Supervisor A
Cisco Nexus 9500 Supervisor A\+
Cisco Nexus 9500 Supervisor B
Cisco Nexus 9500 Supervisor B\+
Cisco Nexus 9500r
Cisco Nexus 9504
Cisco Nexus 9504 Switch
Cisco Nexus 9508
Cisco Nexus 9508 Switch
Cisco Nexus 9516
Cisco Nexus 9516 Switch
Cisco Nexus 9536pq
Cisco Nexus 9636pq
Cisco Nexus 9716d-gx
Cisco Nexus 9736pq
Cisco Nexus 9800
Cisco Nexus 9800 34-port 100g And 14-port 400g Line Card
Cisco Nexus 9800 36-port 400g Line Card
Cisco Nexus 9804
Cisco Nexus 9808

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203