CVE-2024-20285
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-20285 is a vulnerability in the Python interpreter of Cisco NX-OS Software that may allow an authenticated, low-privileged local attacker to escape the Python sandbox and access the underlying operating system. This flaw arises from insufficient validation of user-supplied input, permitting exploitation through manipulation of specific functions within the interpreter. A successful exploit could enable attackers to execute arbitrary commands on the operating system with the authenticated user's privileges. Affected products include various devices running Cisco NX-OS Software, particularly within the Nexus 9000 Series. To remediate this vulnerability, organizations should review product-specific documentation and apply relevant updates or patches provided by Cisco.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.