CVE-2024-20285

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 28, 2024
Updated: Aug 29, 2024
CWE ID 653

Summary

CVE-2024-20285 is a vulnerability in the Python interpreter of Cisco NX-OS Software that may allow an authenticated, low-privileged local attacker to escape the Python sandbox and access the underlying operating system. This flaw arises from insufficient validation of user-supplied input, permitting exploitation through manipulation of specific functions within the interpreter. A successful exploit could enable attackers to execute arbitrary commands on the operating system with the authenticated user's privileges. Affected products include various devices running Cisco NX-OS Software, particularly within the Nexus 9000 Series. To remediate this vulnerability, organizations should review product-specific documentation and apply relevant updates or patches provided by Cisco.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share