CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
Multiple privilege escalation vulnerabilities in the Python subsystem of Cisco Nexus devices running Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges.
The vulnerabilities are due to insufficient hardening of the operating system on which NX-OS is based. An attacker who has sufficient privileges to execute arbitrary Python scripts on an affected device could use this access to obtain root privileges.
Cisco has confirmed the vulnerability; however, software updates are not available.
To exploit these vulnerabilities, an attacker must have local access and authenticate to the targeted device. These requirements could limit the possibility of a successful exploit.
Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | mds_9000_san-os | any | cpe:2.3:o:cisco:mds_9000_san-os:any:*:*:*:*:*:*:* |