Multiple vulnerabilities in Cisco NX-OS Software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-20284 CVE-2024-20285 CVE-2024-20286 |
| CWE-ID | CWE-693 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Cisco NX-OS Operating systems & Components / Operating system Cisco MDS 9000 Series Multilayer Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 3000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 5500 Platform Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 5600 Platform Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 6000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 7000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 9000 Series Switches NX-OS Mode Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Protection Mechanism Failure
EUVDB-ID: #VU96610
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20284
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can manipulate specific functions within the Python interpreter to escape the Python sandbox and execute arbitrary commands on the underlying operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco NX-OS: 6.0(2)A6(1) - 10.4(3)
Cisco MDS 9000 Series Multilayer Switches: All versions
Cisco Nexus 3000 Series Switches: All versions
Nexus 5500 Platform Switches: All versions
Nexus 5600 Platform Switches: All versions
Cisco Nexus 6000 Series Switches: All versions
Cisco Nexus 7000 Series Switches: All versions
Cisco Nexus 9000 Series Switches NX-OS Mode: All versions
CPE2.3- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)A6(1):*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)U6(1):*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)U6(1a):*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_mds_9000_series_multilayer_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_3000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5500_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5600_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_6000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_7000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches_nx-os_mode:*:*:*:*:*:*:*:*
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du
https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Protection Mechanism Failure
EUVDB-ID: #VU96611
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20285
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can manipulate specific functions within the Python interpreter to escape the Python sandbox and execute arbitrary commands on the underlying operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco MDS 9000 Series Multilayer Switches: All versions
Cisco Nexus 3000 Series Switches: All versions
Nexus 5500 Platform Switches: All versions
Nexus 5600 Platform Switches: All versions
Cisco Nexus 6000 Series Switches: All versions
Cisco Nexus 7000 Series Switches: All versions
Cisco Nexus 9000 Series Switches NX-OS Mode: All versions
Cisco NX-OS: 6.0(2)A6(1) - 10.4(3)
CPE2.3- cpe:2.3:h:cisco_systems:cisco_mds_9000_series_multilayer_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_3000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5500_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5600_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_6000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_7000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches_nx-os_mode:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)A6(1):*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)U6(1):*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)U6(1a):*:*:*:*:*:*:*
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du
https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Protection Mechanism Failure
EUVDB-ID: #VU96612
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20286
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can manipulate specific functions within the Python interpreter to escape the Python sandbox and execute arbitrary commands on the underlying operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco MDS 9000 Series Multilayer Switches: All versions
Cisco Nexus 3000 Series Switches: All versions
Nexus 5500 Platform Switches: All versions
Nexus 5600 Platform Switches: All versions
Cisco Nexus 6000 Series Switches: All versions
Cisco Nexus 7000 Series Switches: All versions
Cisco Nexus 9000 Series Switches NX-OS Mode: All versions
Cisco NX-OS: 6.0(2)A6(1) - 10.4(2)
CPE2.3- cpe:2.3:h:cisco_systems:cisco_mds_9000_series_multilayer_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_3000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5500_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5600_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_6000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_7000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches_nx-os_mode:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)A6(1):*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)U6(1):*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_nx-os:6.0(2)U6(1a):*:*:*:*:*:*:*
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du
https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
