CVE-2024-20285

8.8

HIGH

"Cisco NX-OS Python Interpreter Use-After-Free Vulnerability"

Description

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

INFO

Published Date :

Aug. 28, 2024, 5:15 p.m.

Last Modified :

Oct. 22, 2024, 2:37 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

6.0

Exploitability Score :

2.0

Affected Products

The following products are affected by CVE-2024-20285 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Cisco	nx-os
2	Cisco	nexus_3000
3	Cisco	nexus_3016q
4	Cisco	nexus_3048
5	Cisco	nexus_3064t
6	Cisco	nexus_3064x
7	Cisco	nexus_3548
8	Cisco	nexus_9000
9	Cisco	nexus_3016
10	Cisco	nexus_3064
11	Cisco	nexus_3064-32t
12	Cisco	nexus_3064-t
13	Cisco	nexus_3064-x
14	Cisco	nexus_3100
15	Cisco	nexus_3100-v
16	Cisco	nexus_3100-z
17	Cisco	nexus_3100v
18	Cisco	nexus_31108pc-v
19	Cisco	nexus_31108pv-v
20	Cisco	nexus_31108tc-v
21	Cisco	nexus_31128pq
22	Cisco	nexus_3132c-z
23	Cisco	nexus_3132q
24	Cisco	nexus_3132q-v
25	Cisco	nexus_3132q-x
26	Cisco	nexus_3132q-x\/3132q-xl
27	Cisco	nexus_3132q-xl
28	Cisco	nexus_3164q
29	Cisco	nexus_3172
30	Cisco	nexus_3172pq
31	Cisco	nexus_3172pq-xl
32	Cisco	nexus_3172pq\/pq-xl
33	Cisco	nexus_3172tq
34	Cisco	nexus_3172tq-32t
35	Cisco	nexus_3172tq-xl
36	Cisco	nexus_3200
37	Cisco	nexus_3232
38	Cisco	nexus_3232c
39	Cisco	nexus_3232c_
40	Cisco	nexus_3264c-e
41	Cisco	nexus_3264q
42	Cisco	nexus_3400
43	Cisco	nexus_3408-s
44	Cisco	nexus_34180yc
45	Cisco	nexus_34200yc-sm
46	Cisco	nexus_3432d-s
47	Cisco	nexus_3464c
48	Cisco	nexus_3500
49	Cisco	nexus_3524
50	Cisco	nexus_3524-x
51	Cisco	nexus_3524-x\/xl
52	Cisco	nexus_3524-xl
53	Cisco	nexus_3548-x
54	Cisco	nexus_3548-x\/xl
55	Cisco	nexus_3548-xl
56	Cisco	nexus_3600
57	Cisco	nexus_36180yc-r
58	Cisco	nexus_3636c-r
59	Cisco	nexus_9000v
60	Cisco	nexus_9200
61	Cisco	nexus_9200yc
62	Cisco	nexus_92160yc-x
63	Cisco	nexus_92160yc_switch
64	Cisco	nexus_9221c
65	Cisco	nexus_92300yc
66	Cisco	nexus_92300yc_switch
67	Cisco	nexus_92304qc
68	Cisco	nexus_92304qc_switch
69	Cisco	nexus_9232e
70	Cisco	nexus_92348gc-x
71	Cisco	nexus_9236c
72	Cisco	nexus_9236c_switch
73	Cisco	nexus_9272q
74	Cisco	nexus_9272q_switch
75	Cisco	nexus_9300
76	Cisco	nexus_93108tc-ex
77	Cisco	nexus_93108tc-ex-24
78	Cisco	nexus_93108tc-ex_switch
79	Cisco	nexus_93108tc-fx
80	Cisco	nexus_93108tc-fx-24
81	Cisco	nexus_93108tc-fx3h
82	Cisco	nexus_93108tc-fx3p
83	Cisco	nexus_93120tx
84	Cisco	nexus_93120tx_switch
85	Cisco	nexus_93128
86	Cisco	nexus_93128tx
87	Cisco	nexus_93128tx_switch
88	Cisco	nexus_9316d-gx
89	Cisco	nexus_93180lc-ex
90	Cisco	nexus_93180lc-ex_switch
91	Cisco	nexus_93180tc-ex
92	Cisco	nexus_93180yc-ex
93	Cisco	nexus_93180yc-ex-24
94	Cisco	nexus_93180yc-ex_switch
95	Cisco	nexus_93180yc-fx
96	Cisco	nexus_93180yc-fx-24
97	Cisco	nexus_93180yc-fx3
98	Cisco	nexus_93180yc-fx3h
99	Cisco	nexus_93180yc-fx3s
100	Cisco	nexus_93216tc-fx2
101	Cisco	nexus_93240tc-fx2
102	Cisco	nexus_93240yc-fx2
103	Cisco	nexus_9332c
104	Cisco	nexus_9332d-gx2b
105	Cisco	nexus_9332d-h2r
106	Cisco	nexus_9332pq
107	Cisco	nexus_9332pq_switch
108	Cisco	nexus_93360yc-fx2
109	Cisco	nexus_9336c-fx2
110	Cisco	nexus_9336c-fx2-e
111	Cisco	nexus_9336pq
112	Cisco	nexus_9336pq_aci
113	Cisco	nexus_9336pq_aci_spine
114	Cisco	nexus_9336pq_aci_spine_switch
115	Cisco	nexus_9348d-gx2a
116	Cisco	nexus_9348gc-fx3
117	Cisco	nexus_9348gc-fxp
118	Cisco	nexus_93600cd-gx
119	Cisco	nexus_9364c
120	Cisco	nexus_9364c-gx
121	Cisco	nexus_9364d-gx2a
122	Cisco	nexus_9372px
123	Cisco	nexus_9372px-e
124	Cisco	nexus_9372px-e_switch
125	Cisco	nexus_9372px_switch
126	Cisco	nexus_9372tx
127	Cisco	nexus_9372tx-e
128	Cisco	nexus_9372tx-e_switch
129	Cisco	nexus_9372tx_switch
130	Cisco	nexus_9396px
131	Cisco	nexus_9396px_switch
132	Cisco	nexus_9396tx
133	Cisco	nexus_9396tx_switch
134	Cisco	nexus_9408
135	Cisco	nexus_9432pq
136	Cisco	nexus_9500
137	Cisco	nexus_9500_16-slot
138	Cisco	nexus_9500_4-slot
139	Cisco	nexus_9500_8-slot
140	Cisco	nexus_9500_supervisor_a
141	Cisco	nexus_9500_supervisor_a\+
142	Cisco	nexus_9500_supervisor_b
143	Cisco	nexus_9500_supervisor_b\+
144	Cisco	nexus_9500r
145	Cisco	nexus_9504
146	Cisco	nexus_9504_switch
147	Cisco	nexus_9508
148	Cisco	nexus_9508_switch
149	Cisco	nexus_9516
150	Cisco	nexus_9516_switch
151	Cisco	nexus_9536pq
152	Cisco	nexus_9636pq
153	Cisco	nexus_9716d-gx
154	Cisco	nexus_9736pq
155	Cisco	nexus_9800
156	Cisco	nexus_9804
157	Cisco	nexus_9808
158	Cisco	nexus_9000_in_aci_mode
159	Cisco	nexus_9000_in_standalone
160	Cisco	nexus_9000_in_standalone_nx-os_mode
161	Cisco	n9k-c92160yc-x
162	Cisco	n9k-c92300yc
163	Cisco	n9k-c92304qc
164	Cisco	n9k-c9232c
165	Cisco	n9k-c92348gc-x
166	Cisco	n9k-c9236c
167	Cisco	n9k-c9272q
168	Cisco	n9k-c93108tc-ex
169	Cisco	n9k-c93108tc-fx
170	Cisco	n9k-c93120tx
171	Cisco	n9k-c93128tx
172	Cisco	n9k-c9316d-gx
173	Cisco	n9k-c93180lc-ex
174	Cisco	n9k-c93180yc-ex
175	Cisco	n9k-c93180yc-fx
176	Cisco	n9k-c93180yc2-fx
177	Cisco	n9k-c93216tc-fx2
178	Cisco	n9k-c93240yc-fx2
179	Cisco	n9k-c9332c
180	Cisco	n9k-c9332d-gx2b
181	Cisco	n9k-c9332pq
182	Cisco	n9k-c93360yc-fx2
183	Cisco	n9k-c9336c-fx2
184	Cisco	n9k-c9348d-gx2a
185	Cisco	n9k-c9348gc-fxp
186	Cisco	n9k-c93600cd-gx
187	Cisco	n9k-c9364c
188	Cisco	n9k-c9364c-gx
189	Cisco	n9k-c9364d-gx2a
190	Cisco	n9k-c9372px
191	Cisco	n9k-c9372px-e
192	Cisco	n9k-c9372tx
193	Cisco	n9k-c9372tx-e
194	Cisco	n9k-c9396px
195	Cisco	n9k-c9396tx
196	Cisco	n9k-c9504
197	Cisco	n9k-c9504-fm-r
198	Cisco	n9k-c9508
199	Cisco	n9k-c9508-fm-r
200	Cisco	n9k-c9516
201	Cisco	n9k-sc-a
202	Cisco	n9k-sup-a
203	Cisco	n9k-sup-a\+
204	Cisco	n9k-sup-b
205	Cisco	n9k-sup-b\+
206	Cisco	n9k-x9400-16w
207	Cisco	n9k-x9400-22l
208	Cisco	n9k-x9400-8d
209	Cisco	n9k-x9432c-s
210	Cisco	n9k-x9464px
211	Cisco	n9k-x9464tx2
212	Cisco	n9k-x9564px
213	Cisco	n9k-x9564tx
214	Cisco	n9k-x96136yc-r
215	Cisco	n9k-x9636c-r
216	Cisco	n9k-x9636c-rx
217	Cisco	n9k-x9636q-r
218	Cisco	n9k-x97160yc-ex
219	Cisco	n9k-x97284yc-fx
220	Cisco	n9k-x9732c-ex
221	Cisco	n9k-x9732c-fx
222	Cisco	n9k-x9736c-ex
223	Cisco	n9k-x9736c-fx
224	Cisco	n9k-x9788tc-fx
225	Cisco	nexus_3000_series
226	Cisco	nexus_3500_platform
227	Cisco	nexus_93108tc-fx3
228	Cisco	nexus_93400ld-h1
229	Cisco	nexus_9348gc-fx3ph
230	Cisco	nexus_9364c-h1
231	Cisco	nexus_9800_34-port_100g_and_14-port_400g_line_card
232	Cisco	nexus_9800_36-port_400g_line_card

: Total Affected Vendor : 1 | Products : 232

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-20285.

URL	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du	Vendor Advisory
https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410	Product

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-20285 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-20285 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Initial Analysis by [email protected]

Oct. 22, 2024

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Changed	Reference Type	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du No Types Assigned	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du Vendor Advisory
Changed	Reference Type	https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410 No Types Assigned	https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410 Product
Added	CWE		NIST NVD-CWE-Other
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nx-os:9.3\(13\)::::::: OR cpe:2.3:h:cisco:n9k-c92160yc-x:-:::::::* cpe:2.3:h:cisco:n9k-c92300yc:-:::::::* cpe:2.3:h:cisco:n9k-c92304qc:-:::::::* cpe:2.3:h:cisco:n9k-c9232c:-:::::::* cpe:2.3:h:cisco:n9k-c92348gc-x:-:::::::* cpe:2.3:h:cisco:n9k-c9236c:-:::::::* cpe:2.3:h:cisco:n9k-c9272q:-:::::::* cpe:2.3:h:cisco:n9k-c93108tc-ex:-:::::::* cpe:2.3:h:cisco:n9k-c93108tc-fx:-:::::::* cpe:2.3:h:cisco:n9k-c93120tx:-:::::::* cpe:2.3:h:cisco:n9k-c93128tx:-:::::::* cpe:2.3:h:cisco:n9k-c9316d-gx:-:::::::* cpe:2.3:h:cisco:n9k-c93180lc-ex:-:::::::* cpe:2.3:h:cisco:n9k-c93180yc-ex:-:::::::* cpe:2.3:h:cisco:n9k-c93180yc-fx:-:::::::* cpe:2.3:h:cisco:n9k-c93180yc2-fx:-:::::::* cpe:2.3:h:cisco:n9k-c93216tc-fx2:-:::::::* cpe:2.3:h:cisco:n9k-c93240yc-fx2:-:::::::* cpe:2.3:h:cisco:n9k-c9332c:-:::::::* cpe:2.3:h:cisco:n9k-c9332d-gx2b:-:::::::* cpe:2.3:h:cisco:n9k-c9332pq:-:::::::* cpe:2.3:h:cisco:n9k-c93360yc-fx2:-:::::::* cpe:2.3:h:cisco:n9k-c9336c-fx2:-:::::::* cpe:2.3:h:cisco:n9k-c9348d-gx2a:-:::::::* cpe:2.3:h:cisco:n9k-c9348gc-fxp:-:::::::* cpe:2.3:h:cisco:n9k-c93600cd-gx:-:::::::* cpe:2.3:h:cisco:n9k-c9364c:-:::::::* cpe:2.3:h:cisco:n9k-c9364c-gx:-:::::::* cpe:2.3:h:cisco:n9k-c9364d-gx2a:-:::::::* cpe:2.3:h:cisco:n9k-c9372px:-:::::::* cpe:2.3:h:cisco:n9k-c9372px-e:-:::::::* cpe:2.3:h:cisco:n9k-c9372tx:-:::::::* cpe:2.3:h:cisco:n9k-c9372tx-e:-:::::::* cpe:2.3:h:cisco:n9k-c9396px:-:::::::* cpe:2.3:h:cisco:n9k-c9396tx:-:::::::* cpe:2.3:h:cisco:n9k-c9504:-:::::::* cpe:2.3:h:cisco:n9k-c9504-fm-r:-:::::::* cpe:2.3:h:cisco:n9k-c9508:-:::::::* cpe:2.3:h:cisco:n9k-c9508-fm-r:-:::::::* cpe:2.3:h:cisco:n9k-c9516:-:::::::* cpe:2.3:h:cisco:n9k-sc-a:-:::::::* cpe:2.3:h:cisco:n9k-sup-a:-:::::::* cpe:2.3:h:cisco:n9k-sup-a\+:-:::::::* cpe:2.3:h:cisco:n9k-sup-b:-:::::::* cpe:2.3:h:cisco:n9k-sup-b\+:-:::::::* cpe:2.3:h:cisco:n9k-x9400-16w:-:::::::* cpe:2.3:h:cisco:n9k-x9400-22l:-:::::::* cpe:2.3:h:cisco:n9k-x9400-8d:-:::::::* cpe:2.3:h:cisco:n9k-x9432c-s:-:::::::* cpe:2.3:h:cisco:n9k-x9464px:-:::::::* cpe:2.3:h:cisco:n9k-x9464tx2:-:::::::* cpe:2.3:h:cisco:n9k-x9564px:-:::::::* cpe:2.3:h:cisco:n9k-x9564tx:-:::::::* cpe:2.3:h:cisco:n9k-x96136yc-r:-:::::::* cpe:2.3:h:cisco:n9k-x9636c-r:-:::::::* cpe:2.3:h:cisco:n9k-x9636c-rx:-:::::::* cpe:2.3:h:cisco:n9k-x9636q-r:-:::::::* cpe:2.3:h:cisco:n9k-x97160yc-ex:-:::::::* cpe:2.3:h:cisco:n9k-x97284yc-fx:-:::::::* cpe:2.3:h:cisco:n9k-x9732c-ex:-:::::::* cpe:2.3:h:cisco:n9k-x9732c-fx:-:::::::* cpe:2.3:h:cisco:n9k-x9736c-ex:-:::::::* cpe:2.3:h:cisco:n9k-x9736c-fx:-:::::::* cpe:2.3:h:cisco:n9k-x9788tc-fx:-:::::::* cpe:2.3:h:cisco:nexus_3000:-:::::::* cpe:2.3:h:cisco:nexus_3000_series:-:::::::* cpe:2.3:h:cisco:nexus_3016:-:::::::* cpe:2.3:h:cisco:nexus_3016q:-:::::::* cpe:2.3:h:cisco:nexus_3048:-:::::::* cpe:2.3:h:cisco:nexus_3064:-:::::::* cpe:2.3:h:cisco:nexus_3064-32t:-:::::::* cpe:2.3:h:cisco:nexus_3064-t:-:::::::* cpe:2.3:h:cisco:nexus_3064-x:-:::::::* cpe:2.3:h:cisco:nexus_3064t:-:::::::* cpe:2.3:h:cisco:nexus_3064x:-:::::::* cpe:2.3:h:cisco:nexus_3100:-:::::::* cpe:2.3:h:cisco:nexus_3100-v:-:::::::* cpe:2.3:h:cisco:nexus_3100-z:-:::::::* cpe:2.3:h:cisco:nexus_3100v:-:::::::* cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::* cpe:2.3:h:cisco:nexus_31108pv-v:-:::::::* cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::* cpe:2.3:h:cisco:nexus_31128pq:-:::::::* cpe:2.3:h:cisco:nexus_3132c-z:-:::::::* cpe:2.3:h:cisco:nexus_3132q:-:::::::* cpe:2.3:h:cisco:nexus_3132q-v:-:::::::* cpe:2.3:h:cisco:nexus_3132q-x:-:::::::* cpe:2.3:h:cisco:nexus_3132q-x\/3132q-xl:-:::::::* cpe:2.3:h:cisco:nexus_3132q-xl:-:::::::* cpe:2.3:h:cisco:nexus_3164q:-:::::::* cpe:2.3:h:cisco:nexus_3172:-:::::::* cpe:2.3:h:cisco:nexus_3172pq:-:::::::* cpe:2.3:h:cisco:nexus_3172pq-xl:-:::::::* cpe:2.3:h:cisco:nexus_3172pq\/pq-xl:-:::::::* cpe:2.3:h:cisco:nexus_3172tq:-:::::::* cpe:2.3:h:cisco:nexus_3172tq-32t:-:::::::* cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::* cpe:2.3:h:cisco:nexus_3200:-:::::::* cpe:2.3:h:cisco:nexus_3232:-:::::::* cpe:2.3:h:cisco:nexus_3232c:-:::::::* cpe:2.3:h:cisco:nexus_3232c_:-:::::::* cpe:2.3:h:cisco:nexus_3264c-e:-:::::::* cpe:2.3:h:cisco:nexus_3264q:-:::::::* cpe:2.3:h:cisco:nexus_3400:-:::::::* cpe:2.3:h:cisco:nexus_3408-s:-:::::::* cpe:2.3:h:cisco:nexus_34180yc:-:::::::* cpe:2.3:h:cisco:nexus_34200yc-sm:-:::::::* cpe:2.3:h:cisco:nexus_3432d-s:-:::::::* cpe:2.3:h:cisco:nexus_3464c:-:::::::* cpe:2.3:h:cisco:nexus_3500:-:::::::* cpe:2.3:h:cisco:nexus_3500_platform:-:::::::* cpe:2.3:h:cisco:nexus_3524:-:::::::* cpe:2.3:h:cisco:nexus_3524-x:-:::::::* cpe:2.3:h:cisco:nexus_3524-x\/xl:-:::::::* cpe:2.3:h:cisco:nexus_3524-xl:-:::::::* cpe:2.3:h:cisco:nexus_3548:-:::::::* cpe:2.3:h:cisco:nexus_3548-x:-:::::::* cpe:2.3:h:cisco:nexus_3548-x\/xl:-:::::::* cpe:2.3:h:cisco:nexus_3548-xl:-:::::::* cpe:2.3:h:cisco:nexus_3600:-:::::::* cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::* cpe:2.3:h:cisco:nexus_3636c-r:-:::::::* cpe:2.3:h:cisco:nexus_9000:-:::::::* cpe:2.3:h:cisco:nexus_9000_in_aci_mode:-:::::::* cpe:2.3:h:cisco:nexus_9000_in_standalone:-:::::::* cpe:2.3:h:cisco:nexus_9000_in_standalone_nx-os_mode:-:::::::* cpe:2.3:h:cisco:nexus_9000v:-:::::::* cpe:2.3:h:cisco:nexus_9200:-:::::::* cpe:2.3:h:cisco:nexus_9200yc:-:::::::* cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::* cpe:2.3:h:cisco:nexus_92160yc_switch:-:::::::* cpe:2.3:h:cisco:nexus_9221c:-:::::::* cpe:2.3:h:cisco:nexus_92300yc:-:::::::* cpe:2.3:h:cisco:nexus_92300yc_switch:-:::::::* cpe:2.3:h:cisco:nexus_92304qc:-:::::::* cpe:2.3:h:cisco:nexus_92304qc_switch:-:::::::* cpe:2.3:h:cisco:nexus_9232e:-:::::::* cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::* cpe:2.3:h:cisco:nexus_9236c:-:::::::* cpe:2.3:h:cisco:nexus_9236c_switch:-:::::::* cpe:2.3:h:cisco:nexus_9272q:-:::::::* cpe:2.3:h:cisco:nexus_9272q_switch:-:::::::* cpe:2.3:h:cisco:nexus_9300:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx3:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:::::::* cpe:2.3:h:cisco:nexus_93120tx:-:::::::* cpe:2.3:h:cisco:nexus_93120tx_switch:-:::::::* cpe:2.3:h:cisco:nexus_93128:-:::::::* cpe:2.3:h:cisco:nexus_93128tx:-:::::::* cpe:2.3:h:cisco:nexus_93128tx_switch:-:::::::* cpe:2.3:h:cisco:nexus_9316d-gx:-:::::::* cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:::::::* cpe:2.3:h:cisco:nexus_93180tc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx3:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:::::::* cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_93240tc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_9332c:-:::::::* cpe:2.3:h:cisco:nexus_9332d-gx2b:-:::::::* cpe:2.3:h:cisco:nexus_9332d-h2r:-:::::::* cpe:2.3:h:cisco:nexus_9332pq:-:::::::* cpe:2.3:h:cisco:nexus_9332pq_switch:-:::::::* cpe:2.3:h:cisco:nexus_93360yc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::* cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:::::::* cpe:2.3:h:cisco:nexus_9336pq:-:::::::* cpe:2.3:h:cisco:nexus_9336pq_aci:-:::::::* cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:::::::* cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:::::::* cpe:2.3:h:cisco:nexus_93400ld-h1:-:::::::* cpe:2.3:h:cisco:nexus_9348d-gx2a:-:::::::* cpe:2.3:h:cisco:nexus_9348gc-fx3:-:::::::* cpe:2.3:h:cisco:nexus_9348gc-fx3ph:-:::::::* cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::* cpe:2.3:h:cisco:nexus_93600cd-gx:-:::::::* cpe:2.3:h:cisco:nexus_9364c:-:::::::* cpe:2.3:h:cisco:nexus_9364c-gx:-:::::::* cpe:2.3:h:cisco:nexus_9364c-h1:-:::::::* cpe:2.3:h:cisco:nexus_9364d-gx2a:-:::::::* cpe:2.3:h:cisco:nexus_9372px:-:::::::* cpe:2.3:h:cisco:nexus_9372px-e:-:::::::* cpe:2.3:h:cisco:nexus_9372px-e_switch:-:::::::* cpe:2.3:h:cisco:nexus_9372px_switch:-:::::::* cpe:2.3:h:cisco:nexus_9372tx:-:::::::* cpe:2.3:h:cisco:nexus_9372tx-e:-:::::::* cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:::::::* cpe:2.3:h:cisco:nexus_9372tx_switch:-:::::::* cpe:2.3:h:cisco:nexus_9396px:-:::::::* cpe:2.3:h:cisco:nexus_9396px_switch:-:::::::* cpe:2.3:h:cisco:nexus_9396tx:-:::::::* cpe:2.3:h:cisco:nexus_9396tx_switch:-:::::::* cpe:2.3:h:cisco:nexus_9408:-:::::::* cpe:2.3:h:cisco:nexus_9432pq:-:::::::* cpe:2.3:h:cisco:nexus_9500:-:::::::* cpe:2.3:h:cisco:nexus_9500_16-slot:-:::::::* cpe:2.3:h:cisco:nexus_9500_4-slot:-:::::::* cpe:2.3:h:cisco:nexus_9500_8-slot:-:::::::* cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:::::::* cpe:2.3:h:cisco:nexus_9500_supervisor_a\+:-:::::::* cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:::::::* cpe:2.3:h:cisco:nexus_9500_supervisor_b\+:-:::::::* cpe:2.3:h:cisco:nexus_9500r:-:::::::* cpe:2.3:h:cisco:nexus_9504:-:::::::* cpe:2.3:h:cisco:nexus_9504_switch:-:::::::* cpe:2.3:h:cisco:nexus_9508:-:::::::* cpe:2.3:h:cisco:nexus_9508_switch:-:::::::* cpe:2.3:h:cisco:nexus_9516:-:::::::* cpe:2.3:h:cisco:nexus_9516_switch:-:::::::* cpe:2.3:h:cisco:nexus_9536pq:-:::::::* cpe:2.3:h:cisco:nexus_9636pq:-:::::::* cpe:2.3:h:cisco:nexus_9716d-gx:-:::::::* cpe:2.3:h:cisco:nexus_9736pq:-:::::::* cpe:2.3:h:cisco:nexus_9800:-:::::::* cpe:2.3:h:cisco:nexus_9800_34-port_100g_and_14-port_400g_line_card:-:::::::* cpe:2.3:h:cisco:nexus_9800_36-port_400g_line_card:-:::::::* cpe:2.3:h:cisco:nexus_9804:-:::::::* cpe:2.3:h:cisco:nexus_9808:-:::::::*

CVE Received by [email protected]

Aug. 28, 2024

Action	Type	New Value
Added	Description	A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.
Added	Reference	Cisco Systems, Inc. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du [No types assigned]
Added	Reference	Cisco Systems, Inc. https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410 [No types assigned]
Added	CWE	Cisco Systems, Inc. CWE-653
Added	CVSS V3.1	Cisco Systems, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-20285 is associated with the following CWEs:

CWE-653: Improper Isolation or Compartmentalization

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-20285 weaknesses.

CVE-2024-20285

"Cisco NX-OS Python Interpreter Use-After-Free Vulnerability"

Description

INFO

Aug. 28, 2024, 5:15 p.m.

Oct. 22, 2024, 2:37 p.m.

[email protected]

No

6.0

2.0

Affected Products

References to Advisories, Solutions, and Tools

Initial Analysis by [email protected]

CVE Received by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable