Multiple Cisco NX-OS Software Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-20286 CVSS:5.3

Cisco NX-OS Software could allow a local authenticated attacker to gain unauthorized access to the system, caused by insufficient validation of user-supplied input. By manipulating specific functions within the Python interpreter, an attacker could exploit this vulnerability to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.

CVE-2024-20284 CVSS:5.3

CVE-2024-20289 CVSS:4.4

Cisco NX-OS Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of arguments for a specific CLI command. By including crafted input as the argument of the affected command, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2024-20411 CVSS:6.7

Cisco NX-OS Software could allow a local authenticated attacker to execute arbitrary code on the system, caused by insufficient security restrictions when executing application commands from the Bash shell. By executing a specific crafted command on the underlying operating system, an attacker could exploit this vulnerability to execute arbitrary code with the privileges of root.

CVE-2024-20285 CVSS:5.3

CVE-2024-20413 CVSS:6.7

Cisco NX-OS Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by insufficient security restrictions when executing application arguments from the Bash shell. By executing specially crafted commands on the underlying operating system, an attacker could exploit this vulnerability to create new users with the privileges of network-admin.

Impact