{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-20284","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2023-11-08T15:08:07.626Z","datePublished":"2024-08-28T16:37:35.281Z","dateUpdated":"2024-08-28T17:19:17.361Z"},"containers":{"cna":{"title":"Cisco NX-OS Software Python Parser Escape Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. 
For more information regarding Python execution privileges, see product-specific documentation, such as the  section of the Cisco Nexus 9000 Series NX-OS Programmability Guide."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du","name":"cisco-sa-nxos-psbe-ce-YvbTn5du"},{"url":"https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410","name":"Cisco NX-OS Security with Python"}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}],"source":{"advisory":"cisco-sa-nxos-psbe-ce-YvbTn5du","discovery":"INTERNAL","defects":["CSCwh77779"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Protection Mechanism Failure","type":"cwe","cweId":"CWE-693"}]}],"affected":[{"vendor":"Cisco","product":"Cisco NX-OS 
Software","versions":[{"version":"8.2(5)","status":"affected"},{"version":"7.3(6)N1(1a)","status":"affected"},{"version":"7.3(5)D1(1)","status":"affected"},{"version":"8.4(2)","status":"affected"},{"version":"7.3(6)N1(1)","status":"affected"},{"version":"6.2(2)","status":"affected"},{"version":"8.4(3)","status":"affected"},{"version":"9.2(3)","status":"affected"},{"version":"7.0(3)I5(2)","status":"affected"},{"version":"8.2(1)","status":"affected"},{"version":"6.0(2)A8(7a)","status":"affected"},{"version":"7.0(3)I4(5)","status":"affected"},{"version":"6.0(2)A6(1)","status":"affected"},{"version":"7.3(1)D1(1)","status":"affected"},{"version":"6.2(14a)","status":"affected"},{"version":"7.0(3)I4(6)","status":"affected"},{"version":"7.3(4)N1(1)","status":"affected"},{"version":"7.0(3)I4(3)","status":"affected"},{"version":"9.2(2v)","status":"affected"},{"version":"6.0(2)A6(5b)","status":"affected"},{"version":"7.3(0)D1(1)","status":"affected"},{"version":"6.2(17a)","status":"affected"},{"version":"7.0(3)I4(7)","status":"affected"},{"version":"6.0(2)U6(1a)","status":"affected"},{"version":"7.1(5)N1(1b)","status":"affected"},{"version":"7.0(3)I4(1)","status":"affected"},{"version":"7.0(3)I4(8)","status":"affected"},{"version":"7.0(3)I4(2)","status":"affected"},{"version":"7.1(4)N1(1c)","status":"affected"},{"version":"7.0(3)IM3(1)","status":"affected"},{"version":"6.0(2)U6(5a)","status":"affected"},{"version":"6.0(2)A8(11)","status":"affected"},{"version":"6.0(2)A6(4a)","status":"affected"},{"version":"6.2(9)","status":"affected"},{"version":"6.2(5)","status":"affected"},{"version":"7.3(4)D1(1)","status":"affected"},{"version":"6.2(20)","status":"affected"},{"version":"9.2(1)","status":"affected"},{"version":"9.2(2t)","status":"affected"},{"version":"9.2(3y)","status":"affected"},{"version":"7.0(3)I4(1t)","status":"affected"},{"version":"6.0(2)U6(5c)","status":"affected"},{"version":"6.0(2)A6(4)","status":"affected"},{"version":"7.0(3)I7(6z)","status":"affected"},{"versio
n":"9.3(2)","status":"affected"},{"version":"7.3(1)DY(1)","status":"affected"},{"version":"7.0(3)F3(3)","status":"affected"},{"version":"6.0(2)U6(6)","status":"affected"},{"version":"6.2(29)","status":"affected"},{"version":"7.0(3)I7(3z)","status":"affected"},{"version":"7.0(3)IM7(2)","status":"affected"},{"version":"6.0(2)A8(11b)","status":"affected"},{"version":"6.2(9a)","status":"affected"},{"version":"7.3(0)N1(1)","status":"affected"},{"version":"7.0(3)I7(5a)","status":"affected"},{"version":"6.2(11d)","status":"affected"},{"version":"8.1(1)","status":"affected"},{"version":"7.0(3)I6(1)","status":"affected"},{"version":"6.0(2)U6(10)","status":"affected"},{"version":"7.2(2)D1(2)","status":"affected"},{"version":"7.0(3)IM3(2)","status":"affected"},{"version":"6.0(2)A6(8)","status":"affected"},{"version":"8.2(2)","status":"affected"},{"version":"6.0(2)U6(1)","status":"affected"},{"version":"7.3(2)N1(1c)","status":"affected"},{"version":"7.0(3)I5(3b)","status":"affected"},{"version":"8.3(2)","status":"affected"},{"version":"7.3(5)N1(1)","status":"affected"},{"version":"6.0(2)A6(2a)","status":"affected"},{"version":"7.3(2)N1(1b)","status":"affected"},{"version":"6.2(27)","status":"affected"},{"version":"7.3(2)D1(3a)","status":"affected"},{"version":"7.3(1)N1(1)","status":"affected"},{"version":"6.0(2)U6(7)","status":"affected"},{"version":"9.2(4)","status":"affected"},{"version":"7.1(4)N1(1a)","status":"affected"},{"version":"7.1(3)N1(4)","status":"affected"},{"version":"7.0(3)IM3(2a)","status":"affected"},{"version":"6.2(8b)","status":"affected"},{"version":"6.0(2)A8(10)","status":"affected"},{"version":"7.1(3)N1(2)","status":"affected"},{"version":"6.2(13)","status":"affected"},{"version":"6.0(2)A8(2)","status":"affected"},{"version":"7.0(3)IC4(4)","status":"affected"},{"version":"6.2(1)","status":"affected"},{"version":"7.3(4)N1(1a)","status":"affected"},{"version":"8.1(2)","status":"affected"},{"version":"6.0(2)A6(3)","status":"affected"},{"version":"6.0(2)U6(5b)
","status":"affected"},{"version":"7.0(3)F3(3c)","status":"affected"},{"version":"7.3(3)D1(1)","status":"affected"},{"version":"7.0(3)F3(1)","status":"affected"},{"version":"6.0(2)U6(5)","status":"affected"},{"version":"7.0(3)F3(5)","status":"affected"},{"version":"7.1(2)N1(1)","status":"affected"},{"version":"7.1(3)N1(3)","status":"affected"},{"version":"8.2(3)","status":"affected"},{"version":"6.0(2)A6(7)","status":"affected"},{"version":"7.0(3)I7(2)","status":"affected"},{"version":"6.2(5a)","status":"affected"},{"version":"6.2(18)","status":"affected"},{"version":"6.0(2)A6(5)","status":"affected"},{"version":"7.0(3)IM3(2b)","status":"affected"},{"version":"7.1(3)N1(1)","status":"affected"},{"version":"6.0(2)U6(4a)","status":"affected"},{"version":"7.0(3)I5(3)","status":"affected"},{"version":"7.0(3)I7(3)","status":"affected"},{"version":"6.0(2)A8(6)","status":"affected"},{"version":"7.0(3)I6(2)","status":"affected"},{"version":"8.3(1)","status":"affected"},{"version":"6.2(3)","status":"affected"},{"version":"6.2(22)","status":"affected"},{"version":"7.1(1)N1(1)","status":"affected"},{"version":"8.4(1)","status":"affected"},{"version":"8.1(1b)","status":"affected"},{"version":"7.3(0)N1(1b)","status":"affected"},{"version":"7.2(2)D1(4)","status":"affected"},{"version":"6.0(2)A8(5)","status":"affected"},{"version":"7.3(0)DX(1)","status":"affected"},{"version":"7.1(4)N1(1d)","status":"affected"},{"version":"7.3(2)D1(1)","status":"affected"},{"version":"7.3(2)N1(1)","status":"affected"},{"version":"6.0(2)U6(8)","status":"affected"},{"version":"7.1(1)N1(1a)","status":"affected"},{"version":"7.0(3)IM3(3)","status":"affected"},{"version":"9.3(1)","status":"affected"},{"version":"6.0(2)U6(2)","status":"affected"},{"version":"6.2(9b)","status":"affected"},{"version":"7.1(3)N1(2a)","status":"affected"},{"version":"7.3(0)N1(1a)","status":"affected"},{"version":"6.0(2)A8(7)","status":"affected"},{"version":"7.0(3)I7(6)","status":"affected"},{"version":"7.3(2)D1(2)","status":
"affected"},{"version":"6.2(25)","status":"affected"},{"version":"6.0(2)U6(3a)","status":"affected"},{"version":"8.0(1)","status":"affected"},{"version":"6.0(2)A8(11a)","status":"affected"},{"version":"6.2(11e)","status":"affected"},{"version":"7.1(3)N1(5)","status":"affected"},{"version":"7.0(3)I4(8z)","status":"affected"},{"version":"6.2(11)","status":"affected"},{"version":"7.0(3)I4(9)","status":"affected"},{"version":"6.2(16)","status":"affected"},{"version":"6.2(19)","status":"affected"},{"version":"8.2(4)","status":"affected"},{"version":"6.2(2a)","status":"affected"},{"version":"7.2(2)D1(3)","status":"affected"},{"version":"7.1(0)N1(1b)","status":"affected"},{"version":"7.0(3)I7(4)","status":"affected"},{"version":"7.0(3)I7(7)","status":"affected"},{"version":"6.2(5b)","status":"affected"},{"version":"7.3(0)DY(1)","status":"affected"},{"version":"6.0(2)A8(9)","status":"affected"},{"version":"6.0(2)A8(1)","status":"affected"},{"version":"7.1(5)N1(1)","status":"affected"},{"version":"7.2(1)D1(1)","status":"affected"},{"version":"6.2(15)","status":"affected"},{"version":"6.0(2)A6(6)","status":"affected"},{"version":"6.0(2)A8(10a)","status":"affected"},{"version":"7.0(3)I5(1)","status":"affected"},{"version":"9.3(1z)","status":"affected"},{"version":"9.2(2)","status":"affected"},{"version":"6.2(7)","status":"affected"},{"version":"6.2(9c)","status":"affected"},{"version":"7.0(3)F3(4)","status":"affected"},{"version":"7.3(3)N1(1)","status":"affected"},{"version":"6.2(6b)","status":"affected"},{"version":"7.0(3)I4(8b)","status":"affected"},{"version":"8.1(2a)","status":"affected"},{"version":"7.3(2)D1(3)","status":"affected"},{"version":"6.2(8)","status":"affected"},{"version":"6.0(2)A8(3)","status":"affected"},{"version":"6.2(11b)","status":"affected"},{"version":"7.0(3)I4(6t)","status":"affected"},{"version":"7.0(3)I5(3a)","status":"affected"},{"version":"8.1(1a)","status":"affected"},{"version":"6.2(13a)","status":"affected"},{"version":"6.0(2)A8(8)","status":"a
ffected"},{"version":"7.0(3)I7(5)","status":"affected"},{"version":"7.0(3)F3(3a)","status":"affected"},{"version":"7.1(0)N1(1a)","status":"affected"},{"version":"6.0(2)A8(4)","status":"affected"},{"version":"6.0(2)A6(3a)","status":"affected"},{"version":"6.0(2)A6(5a)","status":"affected"},{"version":"7.0(3)F2(1)","status":"affected"},{"version":"7.0(3)I4(8a)","status":"affected"},{"version":"6.0(2)U6(9)","status":"affected"},{"version":"7.0(3)F3(2)","status":"affected"},{"version":"6.0(2)U6(2a)","status":"affected"},{"version":"6.2(12)","status":"affected"},{"version":"6.2(17)","status":"affected"},{"version":"7.0(3)I4(4)","status":"affected"},{"version":"6.2(23)","status":"affected"},{"version":"6.2(13b)","status":"affected"},{"version":"6.0(2)U6(3)","status":"affected"},{"version":"6.2(10)","status":"affected"},{"version":"6.2(6a)","status":"affected"},{"version":"6.2(6)","status":"affected"},{"version":"7.1(2)N1(1a)","status":"affected"},{"version":"6.2(14)","status":"affected"},{"version":"7.0(3)I7(1)","status":"affected"},{"version":"6.2(14b)","status":"affected"},{"version":"6.2(21)","status":"affected"},{"version":"7.2(2)D1(1)","status":"affected"},{"version":"7.0(3)F2(2)","status":"affected"},{"version":"7.0(3)IA7(2)","status":"affected"},{"version":"7.0(3)IA7(1)","status":"affected"},{"version":"6.0(2)A8(7b)","status":"affected"},{"version":"6.2(8a)","status":"affected"},{"version":"6.2(11c)","status":"affected"},{"version":"7.0(3)F1(1)","status":"affected"},{"version":"6.0(2)A6(1a)","status":"affected"},{"version":"7.1(0)N1(1)","status":"affected"},{"version":"7.2(0)D1(1)","status":"affected"},{"version":"6.0(2)A6(2)","status":"affected"},{"version":"7.1(4)N1(1)","status":"affected"},{"version":"6.0(2)A8(4a)","status":"affected"},{"version":"6.2(20a)","status":"affected"},{"version":"6.0(2)U6(4)","status":"affected"},{"version":"8.4(1a)","status":"affected"},{"version":"9.3(3)","status":"affected"},{"version":"7.3(2)D1(1d)","status":"affected"},{"version":
"7.3(7)N1(1)","status":"affected"},{"version":"6.2(24)","status":"affected"},{"version":"6.2(31)","status":"affected"},{"version":"7.0(3)I7(8)","status":"affected"},{"version":"6.0(2)U6(10a)","status":"affected"},{"version":"7.3(7)N1(1a)","status":"affected"},{"version":"9.3(4)","status":"affected"},{"version":"7.3(6)D1(1)","status":"affected"},{"version":"6.2(26)","status":"affected"},{"version":"8.2(6)","status":"affected"},{"version":"6.2(33)","status":"affected"},{"version":"9.3(5)","status":"affected"},{"version":"8.4(2a)","status":"affected"},{"version":"8.4(2b)","status":"affected"},{"version":"7.3(8)N1(1)","status":"affected"},{"version":"7.0(3)I7(9)","status":"affected"},{"version":"7.3(7)N1(1b)","status":"affected"},{"version":"6.2(24a)","status":"affected"},{"version":"8.5(1)","status":"affected"},{"version":"9.3(6)","status":"affected"},{"version":"10.1(2)","status":"affected"},{"version":"10.1(1)","status":"affected"},{"version":"8.4(4)","status":"affected"},{"version":"7.3(7)D1(1)","status":"affected"},{"version":"8.4(2c)","status":"affected"},{"version":"9.3(5w)","status":"affected"},{"version":"8.2(7)","status":"affected"},{"version":"7.3(9)N1(1)","status":"affected"},{"version":"9.3(7)","status":"affected"},{"version":"9.3(7k)","status":"affected"},{"version":"7.0(3)I7(9w)","status":"affected"},{"version":"10.2(1)","status":"affected"},{"version":"7.3(8)N1(1a)","status":"affected"},{"version":"7.3(8)D1(1)","status":"affected"},{"version":"9.3(7a)","status":"affected"},{"version":"8.2(7a)","status":"affected"},{"version":"9.3(8)","status":"affected"},{"version":"8.4(4a)","status":"affected"},{"version":"8.4(2d)","status":"affected"},{"version":"7.3(10)N1(1)","status":"affected"},{"version":"8.4(5)","status":"affected"},{"version":"7.0(3)I7(10)","status":"affected"},{"version":"7.3(8)N1(1b)","status":"affected"},{"version":"8.2(8)","status":"affected"},{"version":"10.2(1q)","status":"affected"},{"version":"10.2(2)","status":"affected"},{"version":"9.3
(9)","status":"affected"},{"version":"10.1(2t)","status":"affected"},{"version":"7.3(9)D1(1)","status":"affected"},{"version":"7.3(11)N1(1)","status":"affected"},{"version":"10.2(3)","status":"affected"},{"version":"8.4(6)","status":"affected"},{"version":"10.2(3t)","status":"affected"},{"version":"8.4(2e)","status":"affected"},{"version":"9.3(10)","status":"affected"},{"version":"7.3(11)N1(1a)","status":"affected"},{"version":"10.2(2a)","status":"affected"},{"version":"7.3(12)N1(1)","status":"affected"},{"version":"9.2(1a)","status":"affected"},{"version":"8.2(9)","status":"affected"},{"version":"10.3(1)","status":"affected"},{"version":"10.2(4)","status":"affected"},{"version":"7.3(13)N1(1)","status":"affected"},{"version":"8.4(7)","status":"affected"},{"version":"10.3(2)","status":"affected"},{"version":"8.4(6a)","status":"affected"},{"version":"9.3(11)","status":"affected"},{"version":"10.3(3)","status":"affected"},{"version":"10.2(5)","status":"affected"},{"version":"9.4(1)","status":"affected"},{"version":"9.3(2a)","status":"affected"},{"version":"8.4(2f)","status":"affected"},{"version":"8.2(10)","status":"affected"},{"version":"9.3(12)","status":"affected"},{"version":"10.2(3v)","status":"affected"},{"version":"10.4(1)","status":"affected"},{"version":"8.4(8)","status":"affected"},{"version":"10.3(99w)","status":"affected"},{"version":"7.3(14)N1(1)","status":"affected"},{"version":"10.2(6)","status":"affected"},{"version":"10.3(3w)","status":"affected"},{"version":"10.3(99x)","status":"affected"},{"version":"10.3(3o)","status":"affected"},{"version":"8.4(9)","status":"affected"},{"version":"10.3(4)","status":"affected"},{"version":"10.3(3p)","status":"affected"},{"version":"10.3(4a)","status":"affected"},{"version":"9.4(1a)","status":"affected"},{"version":"10.4(2)","status":"affected"},{"version":"10.3(3q)","status":"affected"},{"version":"9.3(13)","status":"affected"},{"version":"8.2(11)","status":"affected"},{"version":"10.3(5)","status":"affected"},{"ver
sion":"10.2(7)","status":"affected"},{"version":"10.4(3)","status":"affected"},{"version":"10.3(3x)","status":"affected"},{"version":"10.3(4g)","status":"affected"},{"version":"10.3(3r)","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-08-28T16:37:35.281Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-28T17:19:10.303470Z","id":"CVE-2024-20284","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-28T17:19:17.361Z"}}]}}