Multiple privilege escalation vulnerabilities in the Python subsystem of Cisco Nexus devices running Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges.
The vulnerabilities are due to insufficient hardening of the operating system on which NX-OS is based. An attacker who has sufficient privileges to execute arbitrary Python scripts on an affected device could use this access to obtain root privileges.
Cisco has confirmed the vulnerability; however, software updates are not available.
To exploit these vulnerabilities, an attacker must have local access and authenticate to the targeted device. These requirements could limit the possibility of a successful exploit.
Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.