A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.
Metrics
Affected Vendors & Products
References
History
Thu, 21 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2019-05-15T16:45:30.751023Z
Updated: 2024-11-21T19:31:24.457Z
Reserved: 2018-12-06T00:00:00
Link: CVE-2019-1727
Vulnrichment
Updated: 2024-08-04T18:28:41.635Z
NVD
Status : Modified
Published: 2019-05-15T17:29:01.530
Modified: 2024-11-21T04:37:11.413
Link: CVE-2019-1727
Redhat
No data.