Multiple privilege escalation vulnerabilities in the Python subsystem of Cisco Nexus devices running Cisco NX-OS Software could allow an authenticated, local malicious user to gain elevated privileges. The vulnerabilities are due to insufficient hardening of the operating system on which NX-OS is based. An attacker who has sufficient privileges to execute arbitrary Python scripts on an affected device could use this access to obtain root privileges. Cisco has confirmed the vulnerability; however, software updates are not available. To exploit these vulnerabilities, an attacker must have local access and authenticate to the targeted device. These requirements could limit the possibility of a successful exploit. Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco nx-os 6.0\\(2\\) |
||
cisco nx-os 6.2\\(2\\) |