Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20285

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.3, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts limited data confidentiality, limited integrity, and limited availability for affected systems. Impacting 232 products from cisco, from cisco, from cisco and 229 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-08-28T17:15:07.687

Last Modified

2024-10-22T14:37:01.363

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-653
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco nx-os 9.3\(13\) Yes
Hardware cisco n9k-c92160yc-x - No
Hardware cisco n9k-c92300yc - No
Hardware cisco n9k-c92304qc - No
Hardware cisco n9k-c9232c - No
Hardware cisco n9k-c92348gc-x - No
Hardware cisco n9k-c9236c - No
Hardware cisco n9k-c9272q - No
Hardware cisco n9k-c93108tc-ex - No
Hardware cisco n9k-c93108tc-fx - No
Hardware cisco n9k-c93120tx - No
Hardware cisco n9k-c93128tx - No
Hardware cisco n9k-c9316d-gx - No
Hardware cisco n9k-c93180lc-ex - No
Hardware cisco n9k-c93180yc-ex - No
Hardware cisco n9k-c93180yc-fx - No
Hardware cisco n9k-c93180yc2-fx - No
Hardware cisco n9k-c93216tc-fx2 - No
Hardware cisco n9k-c93240yc-fx2 - No
Hardware cisco n9k-c9332c - No
Hardware cisco n9k-c9332d-gx2b - No
Hardware cisco n9k-c9332pq - No
Hardware cisco n9k-c93360yc-fx2 - No
Hardware cisco n9k-c9336c-fx2 - No
Hardware cisco n9k-c9348d-gx2a - No
Hardware cisco n9k-c9348gc-fxp - No
Hardware cisco n9k-c93600cd-gx - No
Hardware cisco n9k-c9364c - No
Hardware cisco n9k-c9364c-gx - No
Hardware cisco n9k-c9364d-gx2a - No
Hardware cisco n9k-c9372px - No
Hardware cisco n9k-c9372px-e - No
Hardware cisco n9k-c9372tx - No
Hardware cisco n9k-c9372tx-e - No
Hardware cisco n9k-c9396px - No
Hardware cisco n9k-c9396tx - No
Hardware cisco n9k-c9504 - No
Hardware cisco n9k-c9504-fm-r - No
Hardware cisco n9k-c9508 - No
Hardware cisco n9k-c9508-fm-r - No
Hardware cisco n9k-c9516 - No
Hardware cisco n9k-sc-a - No
Hardware cisco n9k-sup-a - No
Hardware cisco n9k-sup-a\+ - No
Hardware cisco n9k-sup-b - No
Hardware cisco n9k-sup-b\+ - No
Hardware cisco n9k-x9400-16w - No
Hardware cisco n9k-x9400-22l - No
Hardware cisco n9k-x9400-8d - No
Hardware cisco n9k-x9432c-s - No
Hardware cisco n9k-x9464px - No
Hardware cisco n9k-x9464tx2 - No
Hardware cisco n9k-x9564px - No
Hardware cisco n9k-x9564tx - No
Hardware cisco n9k-x96136yc-r - No
Hardware cisco n9k-x9636c-r - No
Hardware cisco n9k-x9636c-rx - No
Hardware cisco n9k-x9636q-r - No
Hardware cisco n9k-x97160yc-ex - No
Hardware cisco n9k-x97284yc-fx - No
Hardware cisco n9k-x9732c-ex - No
Hardware cisco n9k-x9732c-fx - No
Hardware cisco n9k-x9736c-ex - No
Hardware cisco n9k-x9736c-fx - No
Hardware cisco n9k-x9788tc-fx - No
Hardware cisco nexus_3000 - No
Hardware cisco nexus_3000_series - No
Hardware cisco nexus_3016 - No
Hardware cisco nexus_3016q - No
Hardware cisco nexus_3048 - No
Hardware cisco nexus_3064 - No
Hardware cisco nexus_3064-32t - No
Hardware cisco nexus_3064-t - No
Hardware cisco nexus_3064-x - No
Hardware cisco nexus_3064t - No
Hardware cisco nexus_3064x - No
Hardware cisco nexus_3100 - No
Hardware cisco nexus_3100-v - No
Hardware cisco nexus_3100-z - No
Hardware cisco nexus_3100v - No
Hardware cisco nexus_31108pc-v - No
Hardware cisco nexus_31108pv-v - No
Hardware cisco nexus_31108tc-v - No
Hardware cisco nexus_31128pq - No
Hardware cisco nexus_3132c-z - No
Hardware cisco nexus_3132q - No
Hardware cisco nexus_3132q-v - No
Hardware cisco nexus_3132q-x - No
Hardware cisco nexus_3132q-x\/3132q-xl - No
Hardware cisco nexus_3132q-xl - No
Hardware cisco nexus_3164q - No
Hardware cisco nexus_3172 - No
Hardware cisco nexus_3172pq - No
Hardware cisco nexus_3172pq-xl - No
Hardware cisco nexus_3172pq\/pq-xl - No
Hardware cisco nexus_3172tq - No
Hardware cisco nexus_3172tq-32t - No
Hardware cisco nexus_3172tq-xl - No
Hardware cisco nexus_3200 - No
Hardware cisco nexus_3232 - No
Hardware cisco nexus_3232c - No
Hardware cisco nexus_3232c_ - No
Hardware cisco nexus_3264c-e - No
Hardware cisco nexus_3264q - No
Hardware cisco nexus_3400 - No
Hardware cisco nexus_3408-s - No
Hardware cisco nexus_34180yc - No
Hardware cisco nexus_34200yc-sm - No
Hardware cisco nexus_3432d-s - No
Hardware cisco nexus_3464c - No
Hardware cisco nexus_3500 - No
Hardware cisco nexus_3500_platform - No
Hardware cisco nexus_3524 - No
Hardware cisco nexus_3524-x - No
Hardware cisco nexus_3524-x\/xl - No
Hardware cisco nexus_3524-xl - No
Hardware cisco nexus_3548 - No
Hardware cisco nexus_3548-x - No
Hardware cisco nexus_3548-x\/xl - No
Hardware cisco nexus_3548-xl - No
Hardware cisco nexus_3600 - No
Hardware cisco nexus_36180yc-r - No
Hardware cisco nexus_3636c-r - No
Hardware cisco nexus_9000 - No
Hardware cisco nexus_9000_in_aci_mode - No
Hardware cisco nexus_9000_in_standalone - No
Hardware cisco nexus_9000_in_standalone_nx-os_mode - No
Hardware cisco nexus_9000v - No
Hardware cisco nexus_9200 - No
Hardware cisco nexus_9200yc - No
Hardware cisco nexus_92160yc-x - No
Hardware cisco nexus_92160yc_switch - No
Hardware cisco nexus_9221c - No
Hardware cisco nexus_92300yc - No
Hardware cisco nexus_92300yc_switch - No
Hardware cisco nexus_92304qc - No
Hardware cisco nexus_92304qc_switch - No
Hardware cisco nexus_9232e - No
Hardware cisco nexus_92348gc-x - No
Hardware cisco nexus_9236c - No
Hardware cisco nexus_9236c_switch - No
Hardware cisco nexus_9272q - No
Hardware cisco nexus_9272q_switch - No
Hardware cisco nexus_9300 - No
Hardware cisco nexus_93108tc-ex - No
Hardware cisco nexus_93108tc-ex-24 - No
Hardware cisco nexus_93108tc-ex_switch - No
Hardware cisco nexus_93108tc-fx - No
Hardware cisco nexus_93108tc-fx-24 - No
Hardware cisco nexus_93108tc-fx3 - No
Hardware cisco nexus_93108tc-fx3h - No
Hardware cisco nexus_93108tc-fx3p - No
Hardware cisco nexus_93120tx - No
Hardware cisco nexus_93120tx_switch - No
Hardware cisco nexus_93128 - No
Hardware cisco nexus_93128tx - No
Hardware cisco nexus_93128tx_switch - No
Hardware cisco nexus_9316d-gx - No
Hardware cisco nexus_93180lc-ex - No
Hardware cisco nexus_93180lc-ex_switch - No
Hardware cisco nexus_93180tc-ex - No
Hardware cisco nexus_93180yc-ex - No
Hardware cisco nexus_93180yc-ex-24 - No
Hardware cisco nexus_93180yc-ex_switch - No
Hardware cisco nexus_93180yc-fx - No
Hardware cisco nexus_93180yc-fx-24 - No
Hardware cisco nexus_93180yc-fx3 - No
Hardware cisco nexus_93180yc-fx3h - No
Hardware cisco nexus_93180yc-fx3s - No
Hardware cisco nexus_93216tc-fx2 - No
Hardware cisco nexus_93240tc-fx2 - No
Hardware cisco nexus_93240yc-fx2 - No
Hardware cisco nexus_9332c - No
Hardware cisco nexus_9332d-gx2b - No
Hardware cisco nexus_9332d-h2r - No
Hardware cisco nexus_9332pq - No
Hardware cisco nexus_9332pq_switch - No
Hardware cisco nexus_93360yc-fx2 - No
Hardware cisco nexus_9336c-fx2 - No
Hardware cisco nexus_9336c-fx2-e - No
Hardware cisco nexus_9336pq - No
Hardware cisco nexus_9336pq_aci - No
Hardware cisco nexus_9336pq_aci_spine - No
Hardware cisco nexus_9336pq_aci_spine_switch - No
Hardware cisco nexus_93400ld-h1 - No
Hardware cisco nexus_9348d-gx2a - No
Hardware cisco nexus_9348gc-fx3 - No
Hardware cisco nexus_9348gc-fx3ph - No
Hardware cisco nexus_9348gc-fxp - No
Hardware cisco nexus_93600cd-gx - No
Hardware cisco nexus_9364c - No
Hardware cisco nexus_9364c-gx - No
Hardware cisco nexus_9364c-h1 - No
Hardware cisco nexus_9364d-gx2a - No
Hardware cisco nexus_9372px - No
Hardware cisco nexus_9372px-e - No
Hardware cisco nexus_9372px-e_switch - No
Hardware cisco nexus_9372px_switch - No
Hardware cisco nexus_9372tx - No
Hardware cisco nexus_9372tx-e - No
Hardware cisco nexus_9372tx-e_switch - No
Hardware cisco nexus_9372tx_switch - No
Hardware cisco nexus_9396px - No
Hardware cisco nexus_9396px_switch - No
Hardware cisco nexus_9396tx - No
Hardware cisco nexus_9396tx_switch - No
Hardware cisco nexus_9408 - No
Hardware cisco nexus_9432pq - No
Hardware cisco nexus_9500 - No
Hardware cisco nexus_9500_16-slot - No
Hardware cisco nexus_9500_4-slot - No
Hardware cisco nexus_9500_8-slot - No
Hardware cisco nexus_9500_supervisor_a - No
Hardware cisco nexus_9500_supervisor_a\+ - No
Hardware cisco nexus_9500_supervisor_b - No
Hardware cisco nexus_9500_supervisor_b\+ - No
Hardware cisco nexus_9500r - No
Hardware cisco nexus_9504 - No
Hardware cisco nexus_9504_switch - No
Hardware cisco nexus_9508 - No
Hardware cisco nexus_9508_switch - No
Hardware cisco nexus_9516 - No
Hardware cisco nexus_9516_switch - No
Hardware cisco nexus_9536pq - No
Hardware cisco nexus_9636pq - No
Hardware cisco nexus_9716d-gx - No
Hardware cisco nexus_9736pq - No
Hardware cisco nexus_9800 - No
Hardware cisco nexus_9800_34-port_100g_and_14-port_400g_line_card - No
Hardware cisco nexus_9800_36-port_400g_line_card - No
Hardware cisco nexus_9804 - No
Hardware cisco nexus_9808 - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.