CVE-2024-20284

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description A vulnerability in the Python interpreter could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note that an attacker must be authenticated with Python execution privileges to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.