How severe is CVE-2024-20286?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-20286?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2024-20286 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Related Vulnerabilities

CVE-2017-10952

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932017

CVE-2018-1170

HIGH

CVSS:8.8(High)

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authent...

CWE-6932018

CVE-2018-14280

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932018

CVE-2018-14281

HIGH

CVSS:8.8(High)

CWE-6932018

CVE-2019-13516

HIGH

CVSS:8.8(High)

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.

CWE-6932019

CVE-2021-31982

HIGH

CVSS:8.8(High)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932021