CVE-2024-20286

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software versions up to 10.2(1q)

Description A vulnerability in the Python interpreter could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The issue is due to insufficient validation of user-supplied input, which can be exploited by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note that an attacker must be authenticated with Python execution privileges to exploit this vulnerability.

Recommendations For Cisco NX-OS Software versions up to 10.2(1q), upgrade to a fixed version to address the vulnerability. As a temporary workaround, consider restricting access to the Python interpreter to minimize the risk of exploitation. Additionally, ensure that only authorized users have Python execution privileges. For more information regarding Python execution privileges, refer to product-specific documentation, such as the Cisco NX-OS Security with Python section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.