CVE-2024-20286

Cisco NX-OS Software Python Parser Escape Vulnerability

Description

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

INFO

Published Date :

2024-08-28T16:37:17.319Z

Last Modified :

2024-08-28T17:23:56.426Z

Source :

cisco

AFFECTED PRODUCTS

The following products are affected by CVE-2024-20286 vulnerability.

Vendors	Products
Cisco	N9k-c92160yc-x N9k-c92300yc N9k-c92304qc N9k-c9232c N9k-c92348gc-x N9k-c9236c N9k-c9272q N9k-c93108tc-ex N9k-c93108tc-fx N9k-c93120tx N9k-c93128tx N9k-c9316d-gx N9k-c93180lc-ex N9k-c93180yc-ex N9k-c93180yc-fx N9k-c93180yc2-fx N9k-c93216tc-fx2 N9k-c93240yc-fx2 N9k-c9332c N9k-c9332d-gx2b N9k-c9332pq N9k-c93360yc-fx2 N9k-c9336c-fx2 N9k-c9348d-gx2a N9k-c9348gc-fxp N9k-c93600cd-gx N9k-c9364c N9k-c9364c-gx N9k-c9364d-gx2a N9k-c9372px N9k-c9372px-e N9k-c9372tx N9k-c9372tx-e N9k-c9396px N9k-c9396tx N9k-c9504 N9k-c9504-fm-r N9k-c9508 N9k-c9508-fm-r N9k-c9516 N9k-sc-a N9k-sup-a N9k-sup-a\+ N9k-sup-b N9k-sup-b\+ N9k-x9400-16w N9k-x9400-22l N9k-x9400-8d N9k-x9432c-s N9k-x9464px N9k-x9464tx2 N9k-x9564px N9k-x9564tx N9k-x96136yc-r N9k-x9636c-r N9k-x9636c-rx N9k-x9636q-r N9k-x97160yc-ex N9k-x97284yc-fx N9k-x9732c-ex N9k-x9732c-fx N9k-x9736c-ex N9k-x9736c-fx N9k-x9788tc-fx Nexus 3000 Nexus 3000 Series Nexus 3016 Nexus 3016q Nexus 3048 Nexus 3064 Nexus 3064-32t Nexus 3064-t Nexus 3064-x Nexus 3064t Nexus 3064x Nexus 3100 Nexus 3100-v Nexus 3100-z Nexus 3100v Nexus 31108pc-v Nexus 31108pv-v Nexus 31108tc-v Nexus 31128pq Nexus 3132c-z Nexus 3132q Nexus 3132q-v Nexus 3132q-x Nexus 3132q-x\/3132q-xl Nexus 3132q-xl Nexus 3164q Nexus 3172 Nexus 3172pq Nexus 3172pq-xl Nexus 3172pq\/pq-xl Nexus 3172tq Nexus 3172tq-32t Nexus 3172tq-xl Nexus 3200 Nexus 3232 Nexus 3232c Nexus 3232c Nexus 3264c-e Nexus 3264q Nexus 3400 Nexus 3408-s Nexus 34180yc Nexus 34200yc-sm Nexus 3432d-s Nexus 3464c Nexus 3500 Nexus 3500 Platform Nexus 3524 Nexus 3524-x Nexus 3524-x\/xl Nexus 3524-xl Nexus 3548 Nexus 3548-x Nexus 3548-x\/xl Nexus 3548-xl Nexus 3600 Nexus 36180yc-r Nexus 3636c-r Nexus 9000 Nexus 9000 In Aci Mode Nexus 9000 In Standalone Nexus 9000 In Standalone Nx-os Mode Nexus 9000v Nexus 9200 Nexus 9200yc Nexus 92160yc-x Nexus 92160yc Switch Nexus 9221c Nexus 92300yc Nexus 92300yc Switch Nexus 92304qc Nexus 92304qc Switch Nexus 9232e Nexus 92348gc-x Nexus 9236c Nexus 9236c Switch Nexus 9272q Nexus 9272q Switch Nexus 9300 Nexus 93108tc-ex Nexus 93108tc-ex-24 Nexus 93108tc-ex Switch Nexus 93108tc-fx Nexus 93108tc-fx-24 Nexus 93108tc-fx3 Nexus 93108tc-fx3h Nexus 93108tc-fx3p Nexus 93120tx Nexus 93120tx Switch Nexus 93128 Nexus 93128tx Nexus 93128tx Switch Nexus 9316d-gx Nexus 93180lc-ex Nexus 93180lc-ex Switch Nexus 93180tc-ex Nexus 93180yc-ex Nexus 93180yc-ex-24 Nexus 93180yc-ex Switch Nexus 93180yc-fx Nexus 93180yc-fx-24 Nexus 93180yc-fx3 Nexus 93180yc-fx3h Nexus 93180yc-fx3s Nexus 93216tc-fx2 Nexus 93240tc-fx2 Nexus 93240yc-fx2 Nexus 9332c Nexus 9332d-gx2b Nexus 9332d-h2r Nexus 9332pq Nexus 9332pq Switch Nexus 93360yc-fx2 Nexus 9336c-fx2 Nexus 9336c-fx2-e Nexus 9336pq Nexus 9336pq Aci Nexus 9336pq Aci Spine Nexus 9336pq Aci Spine Switch Nexus 93400ld-h1 Nexus 9348d-gx2a Nexus 9348gc-fx3 Nexus 9348gc-fx3ph Nexus 9348gc-fxp Nexus 93600cd-gx Nexus 9364c Nexus 9364c-gx Nexus 9364c-h1 Nexus 9364d-gx2a Nexus 9372px Nexus 9372px-e Nexus 9372px-e Switch Nexus 9372px Switch Nexus 9372tx Nexus 9372tx-e Nexus 9372tx-e Switch Nexus 9372tx Switch Nexus 9396px Nexus 9396px Switch Nexus 9396tx Nexus 9396tx Switch Nexus 9408 Nexus 9432pq Nexus 9500 Nexus 9500 16-slot Nexus 9500 4-slot Nexus 9500 8-slot Nexus 9500 Supervisor A Nexus 9500 Supervisor A\+ Nexus 9500 Supervisor B Nexus 9500 Supervisor B\+ Nexus 9500r Nexus 9504 Nexus 9504 Switch Nexus 9508 Nexus 9508 Switch Nexus 9516 Nexus 9516 Switch Nexus 9536pq Nexus 9636pq Nexus 9716d-gx Nexus 9736pq Nexus 9800 Nexus 9800 34-port 100g And 14-port 400g Line Card Nexus 9800 36-port 400g Line Card Nexus 9804 Nexus 9808 Nx-os

Vendors

Products

Cisco

N9k-c92160yc-x
N9k-c92300yc
N9k-c92304qc
N9k-c9232c
N9k-c92348gc-x
N9k-c9236c
N9k-c9272q
N9k-c93108tc-ex
N9k-c93108tc-fx
N9k-c93120tx
N9k-c93128tx
N9k-c9316d-gx
N9k-c93180lc-ex
N9k-c93180yc-ex
N9k-c93180yc-fx
N9k-c93180yc2-fx
N9k-c93216tc-fx2
N9k-c93240yc-fx2
N9k-c9332c
N9k-c9332d-gx2b
N9k-c9332pq
N9k-c93360yc-fx2
N9k-c9336c-fx2
N9k-c9348d-gx2a
N9k-c9348gc-fxp
N9k-c93600cd-gx
N9k-c9364c
N9k-c9364c-gx
N9k-c9364d-gx2a
N9k-c9372px
N9k-c9372px-e
N9k-c9372tx
N9k-c9372tx-e
N9k-c9396px
N9k-c9396tx
N9k-c9504
N9k-c9504-fm-r
N9k-c9508
N9k-c9508-fm-r
N9k-c9516
N9k-sc-a
N9k-sup-a
N9k-sup-a\+
N9k-sup-b
N9k-sup-b\+
N9k-x9400-16w
N9k-x9400-22l
N9k-x9400-8d
N9k-x9432c-s
N9k-x9464px
N9k-x9464tx2
N9k-x9564px
N9k-x9564tx
N9k-x96136yc-r
N9k-x9636c-r
N9k-x9636c-rx
N9k-x9636q-r
N9k-x97160yc-ex
N9k-x97284yc-fx
N9k-x9732c-ex
N9k-x9732c-fx
N9k-x9736c-ex
N9k-x9736c-fx
N9k-x9788tc-fx
Nexus 3000
Nexus 3000 Series
Nexus 3016
Nexus 3016q
Nexus 3048
Nexus 3064
Nexus 3064-32t
Nexus 3064-t
Nexus 3064-x
Nexus 3064t
Nexus 3064x
Nexus 3100
Nexus 3100-v
Nexus 3100-z
Nexus 3100v
Nexus 31108pc-v
Nexus 31108pv-v
Nexus 31108tc-v
Nexus 31128pq
Nexus 3132c-z
Nexus 3132q
Nexus 3132q-v
Nexus 3132q-x
Nexus 3132q-x\/3132q-xl
Nexus 3132q-xl
Nexus 3164q
Nexus 3172
Nexus 3172pq
Nexus 3172pq-xl
Nexus 3172pq\/pq-xl
Nexus 3172tq
Nexus 3172tq-32t
Nexus 3172tq-xl
Nexus 3200
Nexus 3232
Nexus 3232c
Nexus 3232c
Nexus 3264c-e
Nexus 3264q
Nexus 3400
Nexus 3408-s
Nexus 34180yc
Nexus 34200yc-sm
Nexus 3432d-s
Nexus 3464c
Nexus 3500
Nexus 3500 Platform
Nexus 3524
Nexus 3524-x
Nexus 3524-x\/xl
Nexus 3524-xl
Nexus 3548
Nexus 3548-x
Nexus 3548-x\/xl
Nexus 3548-xl
Nexus 3600
Nexus 36180yc-r
Nexus 3636c-r
Nexus 9000
Nexus 9000 In Aci Mode
Nexus 9000 In Standalone
Nexus 9000 In Standalone Nx-os Mode
Nexus 9000v
Nexus 9200
Nexus 9200yc
Nexus 92160yc-x
Nexus 92160yc Switch
Nexus 9221c
Nexus 92300yc
Nexus 92300yc Switch
Nexus 92304qc
Nexus 92304qc Switch
Nexus 9232e
Nexus 92348gc-x
Nexus 9236c
Nexus 9236c Switch
Nexus 9272q
Nexus 9272q Switch
Nexus 9300
Nexus 93108tc-ex
Nexus 93108tc-ex-24
Nexus 93108tc-ex Switch
Nexus 93108tc-fx
Nexus 93108tc-fx-24
Nexus 93108tc-fx3
Nexus 93108tc-fx3h
Nexus 93108tc-fx3p
Nexus 93120tx
Nexus 93120tx Switch
Nexus 93128
Nexus 93128tx
Nexus 93128tx Switch
Nexus 9316d-gx
Nexus 93180lc-ex
Nexus 93180lc-ex Switch
Nexus 93180tc-ex
Nexus 93180yc-ex
Nexus 93180yc-ex-24
Nexus 93180yc-ex Switch
Nexus 93180yc-fx
Nexus 93180yc-fx-24
Nexus 93180yc-fx3
Nexus 93180yc-fx3h
Nexus 93180yc-fx3s
Nexus 93216tc-fx2
Nexus 93240tc-fx2
Nexus 93240yc-fx2
Nexus 9332c
Nexus 9332d-gx2b
Nexus 9332d-h2r
Nexus 9332pq
Nexus 9332pq Switch
Nexus 93360yc-fx2
Nexus 9336c-fx2
Nexus 9336c-fx2-e
Nexus 9336pq
Nexus 9336pq Aci
Nexus 9336pq Aci Spine
Nexus 9336pq Aci Spine Switch
Nexus 93400ld-h1
Nexus 9348d-gx2a
Nexus 9348gc-fx3
Nexus 9348gc-fx3ph
Nexus 9348gc-fxp
Nexus 93600cd-gx
Nexus 9364c
Nexus 9364c-gx
Nexus 9364c-h1
Nexus 9364d-gx2a
Nexus 9372px
Nexus 9372px-e
Nexus 9372px-e Switch
Nexus 9372px Switch
Nexus 9372tx
Nexus 9372tx-e
Nexus 9372tx-e Switch
Nexus 9372tx Switch
Nexus 9396px
Nexus 9396px Switch
Nexus 9396tx
Nexus 9396tx Switch
Nexus 9408
Nexus 9432pq
Nexus 9500
Nexus 9500 16-slot
Nexus 9500 4-slot
Nexus 9500 8-slot
Nexus 9500 Supervisor A
Nexus 9500 Supervisor A\+
Nexus 9500 Supervisor B
Nexus 9500 Supervisor B\+
Nexus 9500r
Nexus 9504
Nexus 9504 Switch
Nexus 9508
Nexus 9508 Switch
Nexus 9516
Nexus 9516 Switch
Nexus 9536pq
Nexus 9636pq
Nexus 9716d-gx
Nexus 9736pq
Nexus 9800
Nexus 9800 34-port 100g And 14-port 400g Line Card
Nexus 9800 36-port 400g Line Card
Nexus 9804
Nexus 9808
Nx-os

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20286.

URL	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du
https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact