SB2024082916 - Multiple vulnerabilities in Cisco NX-OS Software
Published: August 29, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Protection Mechanism Failure (CVE-ID: CVE-2024-20284)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can manipulate specific functions within the Python interpreter to escape the Python sandbox and execute arbitrary commands on the underlying operating system.
2) Protection Mechanism Failure (CVE-ID: CVE-2024-20285)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can manipulate specific functions within the Python interpreter to escape the Python sandbox and execute arbitrary commands on the underlying operating system.
3) Protection Mechanism Failure (CVE-ID: CVE-2024-20286)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can manipulate specific functions within the Python interpreter to escape the Python sandbox and execute arbitrary commands on the underlying operating system.
Remediation
Install update from vendor's website.
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du
- https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410