CVE-2024-20284

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 28, 2024
Updated: Aug 29, 2024
CWE ID 693

Summary

CVE-2024-20284 is a vulnerability found in the Python interpreter of Cisco NX-OS software that allows authenticated, low-privileged local attackers to escape the Python sandbox and gain unauthorized access to the underlying operating system. This issue arises from insufficient validation of user-supplied input, enabling exploitation through manipulation of specific functions within the interpreter. The affected products include various models in the Cisco Nexus 9000 Series. To remediate this vulnerability, organizations should review product-specific documentation for guidelines on managing Python execution privileges and apply any relevant patches provided by Cisco. Organizations face potential risks such as arbitrary command execution with the privileges of an authenticated user, which could lead to further compromise or unauthorized access within their network environment.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share