mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
64 lines
3.6 KiB
JSON
64 lines
3.6 KiB
JSON
{
|
|
"id": "CVE-2024-20285",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2024-08-28T17:15:07.687",
|
|
"lastModified": "2024-08-29T13:25:27.537",
|
|
"vulnStatus": "Undergoing Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. \r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad en el int\u00e9rprete de Python del software Cisco NX-OS podr\u00eda permitir que un atacante local autenticado y con pocos privilegios escape del entorno limitado de Python y obtenga acceso no autorizado al sistema operativo subyacente del dispositivo. La vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad manipulando funciones espec\u00edficas dentro del int\u00e9rprete de Python. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante escape del entorno limitado de Python y ejecute comandos arbitrarios en el sistema operativo subyacente con los privilegios del usuario autenticado. Nota: Un atacante debe estar autenticado con privilegios de ejecuci\u00f3n de Python para aprovechar estas vulnerabilidades. Para obtener m\u00e1s informaci\u00f3n sobre los privilegios de ejecuci\u00f3n de Python, consulte la documentaci\u00f3n espec\u00edfica del producto, como la secci\u00f3n de la Gu\u00eda de programaci\u00f3n de NX-OS de la serie Cisco Nexus 9000."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 3.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-653"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du",
|
|
"source": "ykramarz@cisco.com"
|
|
},
|
|
{
|
|
"url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410",
|
|
"source": "ykramarz@cisco.com"
|
|
}
|
|
]
|
|
} |