All the vulnerabilities related to Cisco - Cisco Network Services Orchestrator
cve-2024-20389
Vulnerability from cvelistv5
Published
2024-05-16 14:08
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.
This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco ConfD | N/A
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:confd:8.0.11:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "lessThan": "8.0.12", "status": "affected", "version": "8.0.11", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:6.0.11:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": "6.0.12", "status": "affected", "version": "6.0.11", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:6.2.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": "6.2.2", "status": "affected", "version": "6.2.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20389", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T16:46:34.641203Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:40:25.932Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nso-rwpesc-qrQGnh3f", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f" }, { "name": "cisco-sa-cnfd-rwpesc-ZAOufyx8", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco ConfD", "vendor": "Cisco", "versions": [ { "status": "affected", 
"version": "N/A" } ] }, { "product": "Cisco ConfD Basic", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.0.11" } ] }, { "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.0.11" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.\n\n\nThis vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "Incorrect Privilege Assignment", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-16T14:08:21.745Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nso-rwpesc-qrQGnh3f", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f" }, { "name": "cisco-sa-cnfd-rwpesc-ZAOufyx8", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8" } ], "source": { "advisory": "cisco-sa-nso-rwpesc-qrQGnh3f", "defects": [ "CSCwj72783", "CSCwi84310" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20389", "datePublished": "2024-05-16T14:08:21.745Z", "dateReserved": "2023-11-08T15:08:07.658Z", "dateUpdated": "2024-08-01T21:59:42.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20040
Vulnerability from cvelistv5
Published
2023-01-19 01:37
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.
This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition.
Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Network Services Orchestrator | 4.7.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nso-path-trvsl-zjBeMkZg", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "4.7.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.\r\n\r This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. \r\n\r Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Relative Path Traversal", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:36.087Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nso-path-trvsl-zjBeMkZg", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg" } ], "source": { "advisory": "cisco-sa-nso-path-trvsl-zjBeMkZg", "defects": [ "CSCwb11065" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20040", "datePublished": "2023-01-19T01:37:34.592Z", "dateReserved": "2022-10-27T18:47:50.316Z", "dateUpdated": "2024-08-02T08:57:35.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-0463
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-11-26 14:39
Severity ?
EPSS score ?
Summary
Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis | vendor-advisory, x_refsource_CISCO
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Network Services Orchestrator | n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:28:11.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-0463", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T18:53:26.786615Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:39:29.333Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. 
The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-05T13:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis" } ], "source": { "advisory": "cisco-sa-20180905-nso-infodis", "defect": [ [ "CSCvj50567", "CSCvk74975" ] ], "discovery": "UNKNOWN" }, "title": "Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-09-05T16:00:00-0500", "ID": "CVE-2018-0463", "STATE": "PUBLIC", "TITLE": "Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Network Services Orchestrator", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is 
stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system." } ] }, "impact": { "cvss": { "baseScore": "5.9", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-264" } ] } ] }, "references": { "reference_data": [ { "name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis" } ] }, "source": { "advisory": "cisco-sa-20180905-nso-infodis", "defect": [ [ "CSCvj50567", "CSCvk74975" ] ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0463", "datePublished": "2018-10-05T14:00:00Z", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-11-26T14:39:29.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20366
Vulnerability from cvelistv5
Published
2024-05-15 17:25
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco Network Services Orchestrator |
Version: 5.4 Version: 5.5 Version: 5.6 Version: 5.7 Version: 5.8 Version: 5.1.1.1 Version: 5.1.1.3 Version: 5.1.2 Version: 5.2.0.3 Version: 5.2.0.4 Version: 5.2.1 Version: 5.2.1.1 Version: 5.2.3.2 Version: 5.3.1 Version: 5.3.4.3 Version: 5.4.0.1 Version: 5.4.0.2 Version: 5.4.1 Version: 5.4.1.1 Version: 5.4.2 Version: 5.4.3 Version: 5.4.3.1 Version: 5.4.3.2 Version: 5.4.4.1 Version: 5.4.4 Version: 5.4.4.3 Version: 5.4.3.4 Version: 5.4.4.2 Version: 5.4.3.3 Version: 5.4.5.1 Version: 5.4.2.1 Version: 5.4.5.2 Version: 5.4.5 Version: 5.4.2.2 Version: 5.4.6 Version: 5.4.7 Version: 5.4.7.1 Version: 5.5.1 Version: 5.5.2 Version: 5.5.2.1 Version: 5.5.2.2 Version: 5.5.2.5 Version: 5.5.2.3 Version: 5.5.2.4 Version: 5.5.2.9 Version: 5.5.2.10 Version: 5.5.3 Version: 5.5.2.11 Version: 5.5.2.6 Version: 5.5.2.7 Version: 5.5.2.8 Version: 5.5.2.12 Version: 5.5.4 Version: 5.5.4.1 Version: 5.5.3.1 Version: 5.5.5 Version: 5.5.6 Version: 5.5.6.1 Version: 5.5.7 Version: 5.5.8 Version: 5.5.10 Version: 5.5.9 Version: 5.6.1 Version: 5.6.3 Version: 5.6.3.1 Version: 5.6.2 Version: 5.6.4 Version: 5.6.5 Version: 5.6.6 Version: 5.6.6.1 Version: 5.6.7 Version: 5.6.7.1 Version: 5.6.7.2 Version: 5.6.8 Version: 5.6.8.1 Version: 5.6.9 Version: 5.6.10 Version: 5.6.11 Version: 5.6.12 Version: 5.6.13 Version: 5.6.14 Version: 5.6.14.1 Version: 5.7.1.1 Version: 5.7.1 Version: 5.7.2 Version: 5.7.2.1 Version: 5.7.3 Version: 5.7.4 Version: 5.7.5 Version: 5.7.5.1 Version: 5.7.6 Version: 5.7.6.1 Version: 5.7.6.2 Version: 5.7.7 Version: 5.7.8 Version: 5.7.10 Version: 5.7.10.1 Version: 5.7.10.2 Version: 5.7.11 Version: 5.7.12 Version: 5.7.13 Version: 5.7.14 Version: 5.7.15.1 Version: 5.7.6.3 Version: 5.7.8.1 Version: 5.7.9 Version: 5.7.9.1 Version: 5.8.1 Version: 5.8.2 Version: 5.8.2.1 Version: 5.8.3 Version: 5.8.4 Version: 5.8.5 Version: 5.8.10 Version: 5.8.11 Version: 5.8.12 Version: 5.8.6 Version: 5.8.7 Version: 5.8.8 Version: 5.8.9 Version: 6.0 Version: 6.1 Version: 6.2 Version: 6.0.1 Version: 6.0.1.1 
Version: 6.0.10 Version: 6.0.11 Version: 6.0.2 Version: 6.0.3 Version: 6.0.4 Version: 6.0.5 Version: 6.0.6 Version: 6.0.7 Version: 6.0.8 Version: 6.0.9 Version: 6.1.1 Version: 6.1.2 Version: 6.1.2.1 Version: 6.1.3 Version: 6.1.3.1 Version: 6.1.3.2 Version: 6.1.4 Version: 6.1.5 Version: 6.1.6 Version: 6.1.6.1 Version: 6.1.7 Version: 6.1.7.1 Version: 6.2.2 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.1.1.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThanOrEqual": "6.2.2", "status": "affected", "version": "5.1.1.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20366", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T18:43:57.383617Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:40:26.335Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "5.4" }, { "status": "affected", "version": "5.5" }, { "status": "affected", "version": "5.6" }, { "status": "affected", "version": "5.7" }, { "status": "affected", "version": "5.8" }, { "status": "affected", "version": "5.1.1.1" }, { "status": "affected", "version": "5.1.1.3" }, { "status": "affected", "version": "5.1.2" }, { "status": "affected", "version": "5.2.0.3" }, { "status": "affected", "version": "5.2.0.4" }, { "status": "affected", "version": "5.2.1" }, { "status": "affected", "version": "5.2.1.1" }, { "status": "affected", "version": "5.2.3.2" }, { "status": "affected", "version": "5.3.1" }, { "status": "affected", "version": "5.3.4.3" }, { 
"status": "affected", "version": "5.4.0.1" }, { "status": "affected", "version": "5.4.0.2" }, { "status": "affected", "version": "5.4.1" }, { "status": "affected", "version": "5.4.1.1" }, { "status": "affected", "version": "5.4.2" }, { "status": "affected", "version": "5.4.3" }, { "status": "affected", "version": "5.4.3.1" }, { "status": "affected", "version": "5.4.3.2" }, { "status": "affected", "version": "5.4.4.1" }, { "status": "affected", "version": "5.4.4" }, { "status": "affected", "version": "5.4.4.3" }, { "status": "affected", "version": "5.4.3.4" }, { "status": "affected", "version": "5.4.4.2" }, { "status": "affected", "version": "5.4.3.3" }, { "status": "affected", "version": "5.4.5.1" }, { "status": "affected", "version": "5.4.2.1" }, { "status": "affected", "version": "5.4.5.2" }, { "status": "affected", "version": "5.4.5" }, { "status": "affected", "version": "5.4.2.2" }, { "status": "affected", "version": "5.4.6" }, { "status": "affected", "version": "5.4.7" }, { "status": "affected", "version": "5.4.7.1" }, { "status": "affected", "version": "5.5.1" }, { "status": "affected", "version": "5.5.2" }, { "status": "affected", "version": "5.5.2.1" }, { "status": "affected", "version": "5.5.2.2" }, { "status": "affected", "version": "5.5.2.5" }, { "status": "affected", "version": "5.5.2.3" }, { "status": "affected", "version": "5.5.2.4" }, { "status": "affected", "version": "5.5.2.9" }, { "status": "affected", "version": "5.5.2.10" }, { "status": "affected", "version": "5.5.3" }, { "status": "affected", "version": "5.5.2.11" }, { "status": "affected", "version": "5.5.2.6" }, { "status": "affected", "version": "5.5.2.7" }, { "status": "affected", "version": "5.5.2.8" }, { "status": "affected", "version": "5.5.2.12" }, { "status": "affected", "version": "5.5.4" }, { "status": "affected", "version": "5.5.4.1" }, { "status": "affected", "version": "5.5.3.1" }, { "status": "affected", "version": "5.5.5" }, { "status": "affected", "version": "5.5.6" }, { 
"status": "affected", "version": "5.5.6.1" }, { "status": "affected", "version": "5.5.7" }, { "status": "affected", "version": "5.5.8" }, { "status": "affected", "version": "5.5.10" }, { "status": "affected", "version": "5.5.9" }, { "status": "affected", "version": "5.6.1" }, { "status": "affected", "version": "5.6.3" }, { "status": "affected", "version": "5.6.3.1" }, { "status": "affected", "version": "5.6.2" }, { "status": "affected", "version": "5.6.4" }, { "status": "affected", "version": "5.6.5" }, { "status": "affected", "version": "5.6.6" }, { "status": "affected", "version": "5.6.6.1" }, { "status": "affected", "version": "5.6.7" }, { "status": "affected", "version": "5.6.7.1" }, { "status": "affected", "version": "5.6.7.2" }, { "status": "affected", "version": "5.6.8" }, { "status": "affected", "version": "5.6.8.1" }, { "status": "affected", "version": "5.6.9" }, { "status": "affected", "version": "5.6.10" }, { "status": "affected", "version": "5.6.11" }, { "status": "affected", "version": "5.6.12" }, { "status": "affected", "version": "5.6.13" }, { "status": "affected", "version": "5.6.14" }, { "status": "affected", "version": "5.6.14.1" }, { "status": "affected", "version": "5.7.1.1" }, { "status": "affected", "version": "5.7.1" }, { "status": "affected", "version": "5.7.2" }, { "status": "affected", "version": "5.7.2.1" }, { "status": "affected", "version": "5.7.3" }, { "status": "affected", "version": "5.7.4" }, { "status": "affected", "version": "5.7.5" }, { "status": "affected", "version": "5.7.5.1" }, { "status": "affected", "version": "5.7.6" }, { "status": "affected", "version": "5.7.6.1" }, { "status": "affected", "version": "5.7.6.2" }, { "status": "affected", "version": "5.7.7" }, { "status": "affected", "version": "5.7.8" }, { "status": "affected", "version": "5.7.10" }, { "status": "affected", "version": "5.7.10.1" }, { "status": "affected", "version": "5.7.10.2" }, { "status": "affected", "version": "5.7.11" }, { "status": "affected", 
"version": "5.7.12" }, { "status": "affected", "version": "5.7.13" }, { "status": "affected", "version": "5.7.14" }, { "status": "affected", "version": "5.7.15.1" }, { "status": "affected", "version": "5.7.6.3" }, { "status": "affected", "version": "5.7.8.1" }, { "status": "affected", "version": "5.7.9" }, { "status": "affected", "version": "5.7.9.1" }, { "status": "affected", "version": "5.8.1" }, { "status": "affected", "version": "5.8.2" }, { "status": "affected", "version": "5.8.2.1" }, { "status": "affected", "version": "5.8.3" }, { "status": "affected", "version": "5.8.4" }, { "status": "affected", "version": "5.8.5" }, { "status": "affected", "version": "5.8.10" }, { "status": "affected", "version": "5.8.11" }, { "status": "affected", "version": "5.8.12" }, { "status": "affected", "version": "5.8.6" }, { "status": "affected", "version": "5.8.7" }, { "status": "affected", "version": "5.8.8" }, { "status": "affected", "version": "5.8.9" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "6.0.1.1" }, { "status": "affected", "version": "6.0.10" }, { "status": "affected", "version": "6.0.11" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.7" }, { "status": "affected", "version": "6.0.8" }, { "status": "affected", "version": "6.0.9" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.1.2" }, { "status": "affected", "version": "6.1.2.1" }, { "status": "affected", "version": "6.1.3" }, { "status": "affected", "version": "6.1.3.1" }, { "status": "affected", "version": "6.1.3.2" }, { "status": "affected", "version": "6.1.4" }, { "status": "affected", 
"version": "6.1.5" }, { "status": "affected", "version": "6.1.6" }, { "status": "affected", "version": "6.1.6.1" }, { "status": "affected", "version": "6.1.7" }, { "status": "affected", "version": "6.1.7.1" }, { "status": "affected", "version": "6.2.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-73", "description": "External Control of File Name or Path", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T17:25:09.258Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D" } ], "source": { "advisory": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D", "defects": [ "CSCwi92920" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20366", "datePublished": "2024-05-15T17:25:09.258Z", "dateReserved": "2023-11-08T15:08:07.652Z", "dateUpdated": "2024-08-01T21:59:42.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3362
Vulnerability from cvelistv5
Published
2020-06-18 02:17
Modified
2024-11-15 17:00
Severity ?
EPSS score ?
Summary
Cisco Network Services Orchestrator Information Disclosure Vulnerability
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq | vendor-advisory, x_refsource_CISCO
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Network Services Orchestrator | n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:30:58.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3362", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:27:34.268033Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:00:53.270Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-18T02:17:13", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq" } ], "source": { "advisory": "cisco-sa-nso-info-disclosure-WdNvBTNq", "defect": [ [ "CSCvu17597" ] ], "discovery": "INTERNAL" }, "title": "Cisco Network Services Orchestrator Information Disclosure Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-06-17T16:00:00", "ID": "CVE-2020-3362", "STATE": "PUBLIC", "TITLE": "Cisco Network Services Orchestrator Information Disclosure Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Network Services Orchestrator", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. 
An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.7", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq" } ] }, "source": { "advisory": "cisco-sa-nso-info-disclosure-WdNvBTNq", "defect": [ [ "CSCvu17597" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3362", "datePublished": "2020-06-18T02:17:13.303988Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:00:53.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1132
Vulnerability from cvelistv5
Published
2024-11-18 15:42
Modified
2024-11-18 16:36
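Severity: 5.3 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X (CNA score from the record below)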
Summary
Cisco Network Services Orchestrator Path Traversal Vulnerability
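References
- cisco-sa-nso-path-trvsl-dZRQE8Lc: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-dZRQE8Lc (the advisory named in the record's source field). The record's other reference URLs carry advisory identifiers naming other products (webex, ipphone, snort, sdwan), so they appear unrelated to this NSO issue; confirm against the vendor advisory before relying on them.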
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Network Services Orchestrator | 5.3.1, 5.4.0.1, 5.4, 5.4.0.2
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:network_services_orchestrator:5.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:network_services_orchestrator:5.4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:network_services_orchestrator:5.4.0.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "status": "affected", "version": "5.3.1" }, { "status": "affected", "version": "5.4" }, { "status": "affected", "version": "5.4.0.1" }, { "status": "affected", "version": "5.4.0.2" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2021-1132", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-18T16:34:43.577822Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-18T16:36:46.502Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "5.3.1" }, { "status": "affected", "version": "5.4.0.1" }, { "status": "affected", "version": "5.4" }, { "status": "affected", "version": "5.4.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the API subsystem and in the web-management interface of Cisco\u0026nbsp;Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.\r\nThis vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. 
A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-35", "description": "Path Traversal: \u0027.../...//\u0027", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-18T15:42:08.936Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nso-path-trvsl-dZRQE8Lc", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-dZRQE8Lc" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n", "url": 
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8" } ], "source": { "advisory": "cisco-sa-nso-path-trvsl-dZRQE8Lc", "defects": [ "CSCvv48959" ], "discovery": "INTERNAL" }, "title": "Cisco Network Services Orchestrator Path Traversal Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1132", "datePublished": "2024-11-18T15:42:08.936Z", "dateReserved": "2020-11-13T00:00:00.000Z", "dateUpdated": "2024-11-18T16:36:46.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20381
Vulnerability from cvelistv5
Published
2024-09-11 16:38
Modified
2024-09-27 13:58
Severity: 8.8 (HIGH), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (CNA score from the record below)
Summary
Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.29 Version: 6.5.1 Version: 6.6.1 Version: 6.5.2 Version: 6.5.92 Version: 6.5.15 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.5.26 Version: 6.6.11 Version: 6.5.25 Version: 6.5.28 Version: 6.5.93 Version: 6.6.12 Version: 6.5.90 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 6.7.1 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 6.7.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 7.1.25 Version: 6.6.4 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 6.7.3 Version: 7.4.1 Version: 7.2.2 Version: 6.7.4 Version: 6.5.31 Version: 7.3.15 Version: 7.3.16 Version: 6.8.1 Version: 7.4.15 Version: 6.5.32 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.8.12 Version: 7.3.3 Version: 7.7.1 Version: 6.8.2 Version: 7.3.4 Version: 7.4.2 Version: 6.7.35 Version: 6.9.1 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 6.5.33 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.5.52 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 |
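The table above shows only the first affected product. The record below also lists Cisco Network Services Orchestrator and Cisco Small Business RV Series Router Firmware as affected, each with its own version list.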
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "status": "affected", "version": "5.4.1" }, { "status": "affected", "version": "5.3.1" } ] }, { "cpes": [ "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "small_business_rv_series_router_firmware", "vendor": "cisco", "versions": [ { "status": "affected", "version": "1.0.01.17" }, { "status": "affected", "version": "1.0.03.17" } ] }, { "cpes": [ "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xr", "vendor": "cisco", "versions": [ { "status": "affected", "version": "6.5.3" }, { "status": "affected", "version": "6.5.29" }, { "status": "affected", "version": "6.5.1" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.5.2" }, { "status": "affected", "version": "6.5.92" }, { "status": "affected", "version": "6.5.15" }, { "status": "affected", "version": "6.6.2" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.6.25" }, { "status": "affected", "version": "6.5.28" }, { "status": "affected", "version": "6.5.93" }, { "status": "affected", "version": "6.6.12" }, { "status": "affected", "version": "6.5.90" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.0.90" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "6.7.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.1.15" }, { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "6.7.2" }, { "status": "affected", "version": "7.0.11" }, { "status": "affected", "version": "7.0.12" }, { "status": 
"affected", "version": "7.0.14" }, { "status": "affected", "version": "7.1.25" }, { "status": "affected", "version": "6.6.4" }, { "status": "affected", "version": "7.2.12" }, { "status": "affected", "version": "7.3.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20381", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-27T03:55:16.289362Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-27T13:58:21.912Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.5.3" }, { "status": "affected", "version": "6.5.29" }, { "status": "affected", "version": "6.5.1" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.5.2" }, { "status": "affected", "version": "6.5.92" }, { "status": "affected", "version": "6.5.15" }, { "status": "affected", "version": "6.6.2" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.6.25" }, { "status": "affected", "version": "6.5.26" }, { "status": "affected", "version": "6.6.11" }, { "status": "affected", "version": "6.5.25" }, { "status": "affected", "version": "6.5.28" }, { "status": "affected", "version": "6.5.93" }, { "status": "affected", "version": "6.6.12" }, { "status": "affected", "version": "6.5.90" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.0.90" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "6.7.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.1.15" }, { "status": "affected", "version": "7.2.0" }, { "status": "affected", 
"version": "7.2.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "6.7.2" }, { "status": "affected", "version": "7.0.11" }, { "status": "affected", "version": "7.0.12" }, { "status": "affected", "version": "7.0.14" }, { "status": "affected", "version": "7.1.25" }, { "status": "affected", "version": "6.6.4" }, { "status": "affected", "version": "7.2.12" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.1.3" }, { "status": "affected", "version": "6.7.3" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.2.2" }, { "status": "affected", "version": "6.7.4" }, { "status": "affected", "version": "6.5.31" }, { "status": "affected", "version": "7.3.15" }, { "status": "affected", "version": "7.3.16" }, { "status": "affected", "version": "6.8.1" }, { "status": "affected", "version": "7.4.15" }, { "status": "affected", "version": "6.5.32" }, { "status": "affected", "version": "7.3.2" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "7.4.16" }, { "status": "affected", "version": "7.3.27" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.5.2" }, { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.6.15" }, { "status": "affected", "version": "7.5.12" }, { "status": "affected", "version": "7.8.12" }, { "status": "affected", "version": "7.3.3" }, { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "6.8.2" }, { "status": "affected", "version": "7.3.4" }, { "status": "affected", "version": "7.4.2" }, { "status": "affected", "version": "6.7.35" }, { "status": "affected", "version": "6.9.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.5.3" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "6.9.2" }, { "status": "affected", "version": "7.9.1" }, { "status": "affected", 
"version": "7.10.1" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.5.4" }, { "status": "affected", "version": "6.5.33" }, { "status": "affected", "version": "7.8.22" }, { "status": "affected", "version": "7.7.21" }, { "status": "affected", "version": "7.9.2" }, { "status": "affected", "version": "7.3.5" }, { "status": "affected", "version": "7.5.5" }, { "status": "affected", "version": "7.11.1" }, { "status": "affected", "version": "7.9.21" }, { "status": "affected", "version": "7.10.2" }, { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "7.6.3" }, { "status": "affected", "version": "7.3.6" }, { "status": "affected", "version": "7.5.52" }, { "status": "affected", "version": "7.11.2" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" } ] }, { "defaultStatus": "unknown", "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "5.4.1" }, { "status": "affected", "version": "5.3.1" }, { "status": "affected", "version": "4.4.1" }, { "status": "affected", "version": "5.2.1.1" }, { "status": "affected", "version": "5.4.0.1" }, { "status": "affected", "version": "4.7.1" }, { "status": "affected", "version": "5.2.0.3" }, { "status": "affected", "version": "5.2.1" }, { "status": "affected", "version": "5.1.2" }, { "status": "affected", "version": "5.4" }, { "status": "affected", "version": "4.5.1" }, { "status": "affected", "version": "5.4.0.2" }, { "status": "affected", "version": "4.7.3" }, { "status": "affected", "version": "5.2.0.4" }, { "status": "affected", "version": "5.1.1.1" }, { "status": "affected", "version": "5.1.1.3" }, { "status": "affected", "version": "5.2.3.2" }, { "status": "affected", "version": "5.4.1.1" }, { "status": "affected", "version": "5.5" }, { "status": "affected", "version": "5.4.2" }, { "status": "affected", "version": 
"5.5.1" }, { "status": "affected", "version": "5.4.3" }, { "status": "affected", "version": "5.4.3.1" }, { "status": "affected", "version": "5.5.2" }, { "status": "affected", "version": "5.3.4.3" }, { "status": "affected", "version": "5.5.2.1" }, { "status": "affected", "version": "5.5.2.2" }, { "status": "affected", "version": "5.4.3.2" }, { "status": "affected", "version": "5.5.2.3" }, { "status": "affected", "version": "5.4.4" }, { "status": "affected", "version": "5.4.4.1" }, { "status": "affected", "version": "5.5.2.4" }, { "status": "affected", "version": "5.5.2.5" }, { "status": "affected", "version": "5.5.2.6" }, { "status": "affected", "version": "5.4.4.2" }, { "status": "affected", "version": "5.4.3.3" }, { "status": "affected", "version": "5.5.2.7" }, { "status": "affected", "version": "5.5.2.8" }, { "status": "affected", "version": "5.4.3.4" }, { "status": "affected", "version": "5.4.4.3" }, { "status": "affected", "version": "5.6" }, { "status": "affected", "version": "5.5.2.9" }, { "status": "affected", "version": "5.5.3" }, { "status": "affected", "version": "5.5.2.10" }, { "status": "affected", "version": "5.6.1" }, { "status": "affected", "version": "5.5.2.11" }, { "status": "affected", "version": "5.6.2" }, { "status": "affected", "version": "5.5.3.1" }, { "status": "affected", "version": "5.4.5" }, { "status": "affected", "version": "5.4.5.1" }, { "status": "affected", "version": "5.5.4" }, { "status": "affected", "version": "5.6.3" }, { "status": "affected", "version": "5.5.4.1" }, { "status": "affected", "version": "5.7" }, { "status": "affected", "version": "5.5.2.12" }, { "status": "affected", "version": "5.4.2.1" }, { "status": "affected", "version": "5.6.3.1" }, { "status": "affected", "version": "5.4.5.2" }, { "status": "affected", "version": "5.7.1" }, { "status": "affected", "version": "5.7.1.1" }, { "status": "affected", "version": "5.6.4" }, { "status": "affected", "version": "5.4.2.2" }, { "status": "affected", "version": "5.4.6" }, { 
"status": "affected", "version": "5.7.2" }, { "status": "affected", "version": "5.7.2.1" }, { "status": "affected", "version": "5.6.5" }, { "status": "affected", "version": "5.5.5" }, { "status": "affected", "version": "5.7.3" }, { "status": "affected", "version": "5.8" }, { "status": "affected", "version": "5.6.6.1" }, { "status": "affected", "version": "5.7.5.1" }, { "status": "affected", "version": "5.6.7.1" }, { "status": "affected", "version": "5.6.7" }, { "status": "affected", "version": "5.5.6.1" }, { "status": "affected", "version": "5.8.1" }, { "status": "affected", "version": "5.6.6" }, { "status": "affected", "version": "5.4.7" }, { "status": "affected", "version": "5.8.2.1" }, { "status": "affected", "version": "5.7.5" }, { "status": "affected", "version": "5.7.4" }, { "status": "affected", "version": "5.8.2" }, { "status": "affected", "version": "5.5.6" }, { "status": "affected", "version": "5.6.7.2" }, { "status": "affected", "version": "5.7.6" }, { "status": "affected", "version": "5.7.6.1" }, { "status": "affected", "version": "5.8.3" }, { "status": "affected", "version": "5.6.8" }, { "status": "affected", "version": "5.7.6.2" }, { "status": "affected", "version": "5.8.4" }, { "status": "affected", "version": "5.5.7" }, { "status": "affected", "version": "5.7.7" }, { "status": "affected", "version": "5.6.9" }, { "status": "affected", "version": "5.6.8.1" }, { "status": "affected", "version": "5.8.5" }, { "status": "affected", "version": "5.5.8" }, { "status": "affected", "version": "5.7.8" }, { "status": "affected", "version": "5.4.7.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "5.7.8.1" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "5.6.10" }, { "status": "affected", "version": "5.8.6" }, { "status": "affected", "version": "6.0.1.1" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "5.7.9" }, { "status": "affected", "version": "5.5.9" }, 
{ "status": "affected", "version": "5.6.11" }, { "status": "affected", "version": "5.8.7" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "5.7.10" }, { "status": "affected", "version": "5.6.12" }, { "status": "affected", "version": "5.8.8" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "5.5.10" }, { "status": "affected", "version": "5.7.10.1" }, { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "5.7.6.3" }, { "status": "affected", "version": "5.7.11" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "5.6.13" }, { "status": "affected", "version": "5.8.9" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "5.7.10.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "5.7.12" }, { "status": "affected", "version": "6.1.2" }, { "status": "affected", "version": "5.6.14" }, { "status": "affected", "version": "6.1.2.1" }, { "status": "affected", "version": "5.8.10" }, { "status": "affected", "version": "6.0.7" }, { "status": "affected", "version": "6.1.3" }, { "status": "affected", "version": "5.7.13" }, { "status": "affected", "version": "5.8.11" }, { "status": "affected", "version": "6.1.3.1" }, { "status": "affected", "version": "6.0.8" }, { "status": "affected", "version": "6.1.4" }, { "status": "affected", "version": "5.6.14.1" }, { "status": "affected", "version": "5.8.12" }, { "status": "affected", "version": "6.0.9" }, { "status": "affected", "version": "6.1.5" }, { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "5.8.13" }, { "status": "affected", "version": "5.7.14" }, { "status": "affected", "version": "6.0.10" }, { "status": "affected", "version": "6.1.6" }, { "status": "affected", "version": "6.1.6.1" }, { "status": "affected", "version": "6.0.11" }, { "status": "affected", "version": "6.1.7" }, { "status": "affected", "version": 
"6.2.2" }, { "status": "affected", "version": "5.7.15" }, { "status": "affected", "version": "6.1.3.2" }, { "status": "affected", "version": "6.1.7.1" }, { "status": "affected", "version": "6.0.12" }, { "status": "affected", "version": "6.1.8" }, { "status": "affected", "version": "5.7.9.1" }, { "status": "affected", "version": "5.7.15.1" }, { "status": "affected", "version": "6.1.10" }, { "status": "affected", "version": "6.1.11" }, { "status": "affected", "version": "5.1.4.3" }, { "status": "affected", "version": "6.1.11.1" }, { "status": "affected", "version": "6.1.11.2" }, { "status": "affected", "version": "5.7.17" }, { "status": "affected", "version": "6.1.12" } ] }, { "defaultStatus": "unknown", "product": "Cisco Small Business RV Series Router Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "1.0.01.17" }, { "status": "affected", "version": "1.0.03.17" }, { "status": "affected", "version": "1.0.01.16" }, { "status": "affected", "version": "1.0.01.18" }, { "status": "affected", "version": "1.0.00.29" }, { "status": "affected", "version": "1.0.03.16" }, { "status": "affected", "version": "1.0.03.15" }, { "status": "affected", "version": "1.0.02.16" }, { "status": "affected", "version": "1.0.01.20" }, { "status": "affected", "version": "1.0.00.33" }, { "status": "affected", "version": "1.0.03.18" }, { "status": "affected", "version": "1.0.03.19" }, { "status": "affected", "version": "1.0.03.20" }, { "status": "affected", "version": "1.0.03.21" }, { "status": "affected", "version": "1.0.03.22" }, { "status": "affected", "version": "1.0.03.24" }, { "status": "affected", "version": "1.0.03.26" }, { "status": "affected", "version": "1.0.03.27" }, { "status": "affected", "version": "1.0.03.28" }, { "status": "affected", "version": "1.0.03.29" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based 
management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "Improper Authorization", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-25T16:24:52.271Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nso-auth-bypass-QnTEesp", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp" } ], "source": { "advisory": "cisco-sa-nso-auth-bypass-QnTEesp", "defects": [ "CSCwj26769" ], "discovery": "INTERNAL" }, "title": "Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability" } }, "cveMetadata": { 
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20381", "datePublished": "2024-09-11T16:38:42.096Z", "dateReserved": "2023-11-08T15:08:07.656Z", "dateUpdated": "2024-09-27T13:58:21.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20369
Vulnerability from cvelistv5
Published
2024-05-15 17:23
Modified
2024-08-01 21:59
Severity: 4.7 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (CNA score from the record below)
Summary
A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco Network Services Orchestrator |
Version: 5.4 Version: 5.5 Version: 5.6 Version: 5.7 Version: 5.8 Version: 5.1.1.1 Version: 5.1.1.3 Version: 5.1.2 Version: 5.2.0.4 Version: 5.2.1 Version: 5.2.1.1 Version: 5.2.3.2 Version: 5.3.1 Version: 5.3.4.3 Version: 5.4.0.1 Version: 5.4.1 Version: 5.4.1.1 Version: 5.4.2 Version: 5.4.3.1 Version: 5.4.4.1 Version: 5.4.4 Version: 5.4.4.3 Version: 5.4.3.3 Version: 5.4.5.1 Version: 5.4.5.2 Version: 5.4.5 Version: 5.4.6 Version: 5.4.7 Version: 5.4.7.1 Version: 5.5.1 Version: 5.5.2 Version: 5.5.2.1 Version: 5.5.2.3 Version: 5.5.2.4 Version: 5.5.2.9 Version: 5.5.2.10 Version: 5.5.3 Version: 5.5.2.7 Version: 5.5.2.12 Version: 5.5.4.1 Version: 5.5.3.1 Version: 5.5.5 Version: 5.5.6 Version: 5.5.7 Version: 5.5.8 Version: 5.6.1 Version: 5.6.3 Version: 5.6.2 Version: 5.6.5 Version: 5.6.6 Version: 5.6.6.1 Version: 5.6.7 Version: 5.6.7.1 Version: 5.6.8 Version: 5.6.8.1 Version: 5.6.11 Version: 5.6.13 Version: 5.6.14 Version: 5.6.14.1 Version: 5.7.1.1 Version: 5.7.1 Version: 5.7.2 Version: 5.7.2.1 Version: 5.7.3 Version: 5.7.4 Version: 5.7.5 Version: 5.7.5.1 Version: 5.7.6 Version: 5.7.6.2 Version: 5.7.8 Version: 5.7.10 Version: 5.7.10.2 Version: 5.7.11 Version: 5.7.13 Version: 5.7.14 Version: 5.7.9 Version: 5.7.9.1 Version: 5.8.1 Version: 5.8.2 Version: 5.8.2.1 Version: 5.8.5 Version: 5.8.10 Version: 5.8.11 Version: 5.8.9 Version: 6.1 Version: 6.2 Version: 6.0.1.1 Version: 6.0.10 Version: 6.0.5 Version: 6.0.8 Version: 6.1.2.1 Version: 6.1.5 Version: 6.1.6 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20369", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T15:29:07.120761Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:40:17.553Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nso-ordir-MNM8YqzO", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "5.4" }, { "status": "affected", "version": "5.5" }, { "status": "affected", "version": "5.6" }, { "status": "affected", "version": "5.7" }, { "status": "affected", "version": "5.8" }, { "status": "affected", "version": "5.1.1.1" }, { "status": "affected", "version": "5.1.1.3" }, { "status": "affected", "version": "5.1.2" }, { "status": "affected", "version": "5.2.0.4" }, { "status": "affected", "version": "5.2.1" }, { "status": "affected", "version": "5.2.1.1" }, { "status": "affected", "version": "5.2.3.2" }, { "status": "affected", "version": "5.3.1" }, { "status": "affected", "version": "5.3.4.3" }, { "status": "affected", "version": "5.4.0.1" }, { "status": "affected", "version": "5.4.1" }, { "status": "affected", "version": "5.4.1.1" }, { "status": "affected", "version": "5.4.2" }, { "status": "affected", "version": "5.4.3.1" }, { "status": "affected", "version": "5.4.4.1" }, { "status": "affected", "version": "5.4.4" }, { "status": "affected", "version": "5.4.4.3" 
}, { "status": "affected", "version": "5.4.3.3" }, { "status": "affected", "version": "5.4.5.1" }, { "status": "affected", "version": "5.4.5.2" }, { "status": "affected", "version": "5.4.5" }, { "status": "affected", "version": "5.4.6" }, { "status": "affected", "version": "5.4.7" }, { "status": "affected", "version": "5.4.7.1" }, { "status": "affected", "version": "5.5.1" }, { "status": "affected", "version": "5.5.2" }, { "status": "affected", "version": "5.5.2.1" }, { "status": "affected", "version": "5.5.2.3" }, { "status": "affected", "version": "5.5.2.4" }, { "status": "affected", "version": "5.5.2.9" }, { "status": "affected", "version": "5.5.2.10" }, { "status": "affected", "version": "5.5.3" }, { "status": "affected", "version": "5.5.2.7" }, { "status": "affected", "version": "5.5.2.12" }, { "status": "affected", "version": "5.5.4.1" }, { "status": "affected", "version": "5.5.3.1" }, { "status": "affected", "version": "5.5.5" }, { "status": "affected", "version": "5.5.6" }, { "status": "affected", "version": "5.5.7" }, { "status": "affected", "version": "5.5.8" }, { "status": "affected", "version": "5.6.1" }, { "status": "affected", "version": "5.6.3" }, { "status": "affected", "version": "5.6.2" }, { "status": "affected", "version": "5.6.5" }, { "status": "affected", "version": "5.6.6" }, { "status": "affected", "version": "5.6.6.1" }, { "status": "affected", "version": "5.6.7" }, { "status": "affected", "version": "5.6.7.1" }, { "status": "affected", "version": "5.6.8" }, { "status": "affected", "version": "5.6.8.1" }, { "status": "affected", "version": "5.6.11" }, { "status": "affected", "version": "5.6.13" }, { "status": "affected", "version": "5.6.14" }, { "status": "affected", "version": "5.6.14.1" }, { "status": "affected", "version": "5.7.1.1" }, { "status": "affected", "version": "5.7.1" }, { "status": "affected", "version": "5.7.2" }, { "status": "affected", "version": "5.7.2.1" }, { "status": "affected", "version": "5.7.3" }, { "status": 
"affected", "version": "5.7.4" }, { "status": "affected", "version": "5.7.5" }, { "status": "affected", "version": "5.7.5.1" }, { "status": "affected", "version": "5.7.6" }, { "status": "affected", "version": "5.7.6.2" }, { "status": "affected", "version": "5.7.8" }, { "status": "affected", "version": "5.7.10" }, { "status": "affected", "version": "5.7.10.2" }, { "status": "affected", "version": "5.7.11" }, { "status": "affected", "version": "5.7.13" }, { "status": "affected", "version": "5.7.14" }, { "status": "affected", "version": "5.7.9" }, { "status": "affected", "version": "5.7.9.1" }, { "status": "affected", "version": "5.8.1" }, { "status": "affected", "version": "5.8.2" }, { "status": "affected", "version": "5.8.2.1" }, { "status": "affected", "version": "5.8.5" }, { "status": "affected", "version": "5.8.10" }, { "status": "affected", "version": "5.8.11" }, { "status": "affected", "version": "5.8.9" }, { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "6.0.1.1" }, { "status": "affected", "version": "6.0.10" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0.8" }, { "status": "affected", "version": "6.1.2.1" }, { "status": "affected", "version": "6.1.5" }, { "status": "affected", "version": "6.1.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\n\r This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website." 
} ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T17:23:34.938Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nso-ordir-MNM8YqzO", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO" } ], "source": { "advisory": "cisco-sa-nso-ordir-MNM8YqzO", "defects": [ "CSCwi31723" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20369", "datePublished": "2024-05-15T17:23:34.938Z", "dateReserved": "2023-11-08T15:08:07.653Z", "dateUpdated": "2024-08-01T21:59:42.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20655
Vulnerability from cvelistv5
Published
2024-11-15 15:56
Modified
2024-11-15 21:00
Severity
8.8 (HIGH) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.
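References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh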
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco IOS XR Software | N/A
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xr_software", "vendor": "cisco", "versions": [ { "lessThan": "7.0.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "7.1.1", "status": "affected", "version": "7.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "virtual_topology_system", "vendor": "cisco", "versions": [ { "lessThan": "2.6.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": "4.3.9.1", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "4.4.5.6", "status": "affected", "version": "4.4.0.0", "versionType": "custom" }, { "lessThan": "4.5.7", "status": "affected", "version": "4.5.0", "versionType": "custom" }, { "lessThan": "4.6.1.7", "status": "affected", "version": "4.6.0", "versionType": "custom" }, { "lessThan": "4.7.1", "status": "affected", "version": "4.7.0", "versionType": "custom" }, { "lessThan": "5.1.0.1", "status": "affected", "version": "5.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "enterprise_nfv_infrastructure_software", "vendor": "cisco", "versions": [ { "lessThan": "3.12.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "catalyst_sd-wan_manager", "vendor": "cisco", "versions": [ { "lessThan": "18.4.4", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "19.2.1", "status": "affected", 
"version": "19.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:cisco:ios_xe_catalyst_sd-wan:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xe_catalyst_sd-wan", "vendor": "cisco", "versions": [ { "lessThan": "16.10.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "16.12.1b", "status": "affected", "version": "16.12.0", "versionType": "custom" }, { "lessThan": "17.2.1r", "status": "affected", "version": "17.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:sd-wan_vedge_router:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd-wan_vedge_router", "vendor": "cisco", "versions": [ { "lessThan": "18.4.4", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "19.2.1", "status": "affected", "version": "19.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:carrier_packet_transport:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "carrier_packet_transport", "vendor": "cisco", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-20655", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T19:43:18.170598Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:00:58.460Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Virtual Topology System (VTS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { 
"product": "Cisco Enterprise NFV Infrastructure Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Catalyst SD-WAN", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Catalyst SD-WAN Manager", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco IOS XE Catalyst SD-WAN", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco SD-WAN vEdge Router", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Ultra Gateway Platform", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Carrier Packet Transport", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "3.5" }, { "status": "affected", "version": "3.1" }, { "status": "affected", "version": "3.2" }, { "status": "affected", "version": "2.5" }, { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "9.2.2" }, { "status": "affected", "version": "1.4.0" }, { "status": "affected", "version": "1.0" }, { "status": "affected", "version": "1.1" }, { "status": "affected", "version": "1.2" }, { "status": "affected", "version": "2.1.0" }, { "status": "affected", "version": "2.3.0" }, { "status": "affected", "version": "2.3.3" }, { "status": "affected", "version": "2.3.5" }, { "status": "affected", "version": "2.3.4" }, { "status": "affected", "version": "2.0.1" }, { "status": "affected", "version": "2.0.0" }, { "status": "affected", "version": "2.0.3" }, { "status": "affected", "version": "2.0.4" }, { "status": "affected", "version": "2.0.5" }, { "status": "affected", "version": "2.4.0" }, { "status": "affected", "version": "2.2.2" }, { "status": "affected", "version": "2.2.3" }, { "status": "affected", "version": "10.8.0" }, { "status": "affected", "version": "7.0.3" }, { "status": "affected", 
"version": "7.0.1" }, { "status": "affected", "version": "1.0.2" }, { "status": "affected", "version": "1.1.1" }, { "status": "affected", "version": "1.1.2" }, { "status": "affected", "version": "4.1" }, { "status": "affected", "version": "4.0" }, { "status": "affected", "version": "12.1.0" }, { "status": "affected", "version": "9.8.1" }, { "status": "affected", "version": "9.8.0" }, { "status": "affected", "version": "4.1.82" }, { "status": "affected", "version": "4.1.4" }, { "status": "affected", "version": "4.6.1" }, { "status": "affected", "version": "4.0.4" }, { "status": "affected", "version": "4.0.3" }, { "status": "affected", "version": "6.2.4" }, { "status": "affected", "version": "3.0.5" }, { "status": "affected", "version": "3.0.6" }, { "status": "affected", "version": "3.0.7" }, { "status": "affected", "version": "3.0.3" }, { "status": "affected", "version": "3.0.0" }, { "status": "affected", "version": "9.5.0" }, { "status": "affected", "version": "9.5.3" }, { "status": "affected", "version": "9.5.1" }, { "status": "affected", "version": "9.5.2" }, { "status": "affected", "version": "9.7.0" }, { "status": "affected", "version": "9.521" }, { "status": "affected", "version": "4.5.0" }, { "status": "affected", "version": "4.7.0" }, { "status": "affected", "version": "3.2.0" }, { "status": "affected", "version": "3.2.1" }, { "status": "affected", "version": "3.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.\r\n The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root." 
} ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:56:42.927Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cli-cmdinj-4MttWZPB", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB" }, { "name": "cisco-sa-confdcli-cmdinj-wybQDSSh", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh" } ], "source": { "advisory": "cisco-sa-cli-cmdinj-4MttWZPB", "defects": [ "CSCvq22323", "CSCvq58164", "CSCvq58224", "CSCvq58168", "CSCvq58183", "CSCvq58226", "CSCvz49669", "CSCvq58204", "CSCvm76596" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20655", "datePublished": "2024-11-15T15:56:42.927Z", "dateReserved": "2021-11-02T13:28:29.037Z", "dateUpdated": "2024-11-15T21:00:58.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20326
Vulnerability from cvelistv5
Published
2024-05-16 14:08
Modified
2024-08-01 21:59
Severity
7.8 (HIGH) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.
This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
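References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8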
Impacted products
Vendor | Product | Version
---|---|---
▼ | Cisco | Cisco ConfD |
Version: 7.3.5 Version: 7.3.5.2 Version: 7.3.5.1 Version: 7.3.6 Version: 7.4.5.3 Version: 7.4.5.2 Version: 7.4.6 Version: 7.4.5.1 Version: 7.4.8 Version: 7.4.5 Version: 7.4.7 Version: 7.5.10 Version: 7.5.4 Version: 7.5.3.2 Version: 7.5.3.1 Version: 7.5.4.2 Version: 7.5.4.1 Version: 7.5.6.2 Version: 7.5.5 Version: 7.5.8 Version: 7.5.9 Version: 7.5.6 Version: 7.5.4.3 Version: 7.5.6.1 Version: 7.5.7 Version: 7.5.5.1 Version: 7.5.3 Version: 7.7 Version: 7.6 Version: 7.8 Version: 7.6.12 Version: 7.6.11 Version: 7.6.9 Version: 7.6.5 Version: 7.6.1 Version: 7.6.14.1 Version: 7.6.8.1 Version: 7.6.2 Version: 7.6.4 Version: 7.6.8 Version: 7.6.7 Version: 7.6.10 Version: 7.6.3 Version: 7.6.13 Version: 7.6.14 Version: 7.6.6 Version: 7.7.7 Version: 7.7.13 Version: 7.7.4 Version: 7.7.8 Version: 7.7.9 Version: 7.7.12 Version: 7.7.2 Version: 7.7.5 Version: 7.7.5.1 Version: 7.7.6 Version: 7.7.10 Version: 7.7.1 Version: 7.7.3 Version: 7.7.11 Version: 7.8.8 Version: 7.8.4 Version: 7.8.2 Version: 7.8.7 Version: 7.8.9 Version: 7.8.11 Version: 7.8.5 Version: 7.8.1 Version: 7.8.3 Version: 7.8.6 Version: 7.8.10 Version: 8.0.4 Version: 8.0.8 Version: 8.0.5 Version: 8.0.7 Version: 8.0.2 Version: 8.0.1 Version: 8.0.3 Version: 8.0.6 Version: 8.1 Version: 8.0 Version: 8.1.2 Version: 8.1.4 Version: 8.1.1 Version: 8.1.3 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:confd:7.5.3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "lessThan": "7.5.10.2", "status": "affected", "version": "7.5.3", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:confd:7.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "lessThan": "7.6.14.2", "status": "affected", "version": "7.6", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:confd:7.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "lessThan": "7.7.15", "status": "affected", "version": "7.7", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:confd:7.8:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "lessThan": "7.8.13.1", "status": "affected", "version": "7.8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:confd:8.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "lessThan": "8.0.12", "status": "affected", "version": "8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:confd:7.1.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "status": "affected", "version": "7.1.7" } ] }, { "cpes": [ "cpe:2.3:a:cisco:confd:7.2.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "status": "affected", "version": "7.2.7" } ] }, { "cpes": [ "cpe:2.3:a:cisco:confd:7.3.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "status": "affected", "version": "7.3.7" } ] }, { "cpes": [ "cpe:2.3:a:cisco:confd:7.4.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "confd", "vendor": "cisco", "versions": [ { "status": "affected", "version": "7.4.7" } ] }, { "cpes": [ 
"cpe:2.3:a:cisco:network_services_orchestrator:5.1.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "status": "affected", "version": "5.1.7" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.2.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "status": "affected", "version": "5.2.7" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.3.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "status": "affected", "version": "5.3.5" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.4.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "status": "affected", "version": "5.4.5" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.5.3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": "5.5.10.1", "status": "affected", "version": "5.5.3", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": "5.6.14.3", "status": "affected", "version": "5.6", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": " \t5.7.15", "status": "affected", "version": "5.7", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:5.8:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": " 
\t5.8.13.1", "status": "affected", "version": "5.8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:6.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": "6.0.12", "status": "affected", "version": "6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:6.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": "6.1.7", "status": "affected", "version": "6.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:6.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "lessThan": "6.2.2", "status": "affected", "version": "6.2", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20326", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T15:55:41.498842Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:40:29.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nso-rwpesc-qrQGnh3f", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f" }, { "name": "cisco-sa-cnfd-rwpesc-ZAOufyx8", "tags": [ 
"x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco ConfD", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "7.3.5" }, { "status": "affected", "version": "7.3.5.2" }, { "status": "affected", "version": "7.3.5.1" }, { "status": "affected", "version": "7.3.6" }, { "status": "affected", "version": "7.4.5.3" }, { "status": "affected", "version": "7.4.5.2" }, { "status": "affected", "version": "7.4.6" }, { "status": "affected", "version": "7.4.5.1" }, { "status": "affected", "version": "7.4.8" }, { "status": "affected", "version": "7.4.5" }, { "status": "affected", "version": "7.4.7" }, { "status": "affected", "version": "7.5.10" }, { "status": "affected", "version": "7.5.4" }, { "status": "affected", "version": "7.5.3.2" }, { "status": "affected", "version": "7.5.3.1" }, { "status": "affected", "version": "7.5.4.2" }, { "status": "affected", "version": "7.5.4.1" }, { "status": "affected", "version": "7.5.6.2" }, { "status": "affected", "version": "7.5.5" }, { "status": "affected", "version": "7.5.8" }, { "status": "affected", "version": "7.5.9" }, { "status": "affected", "version": "7.5.6" }, { "status": "affected", "version": "7.5.4.3" }, { "status": "affected", "version": "7.5.6.1" }, { "status": "affected", "version": "7.5.7" }, { "status": "affected", "version": "7.5.5.1" }, { "status": "affected", "version": "7.5.3" }, { "status": "affected", "version": "7.7" }, { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.8" }, { "status": "affected", "version": "7.6.12" }, { "status": "affected", "version": "7.6.11" }, { "status": "affected", "version": "7.6.9" }, { "status": "affected", "version": "7.6.5" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.14.1" }, { "status": "affected", "version": "7.6.8.1" }, { 
"status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.6.4" }, { "status": "affected", "version": "7.6.8" }, { "status": "affected", "version": "7.6.7" }, { "status": "affected", "version": "7.6.10" }, { "status": "affected", "version": "7.6.3" }, { "status": "affected", "version": "7.6.13" }, { "status": "affected", "version": "7.6.14" }, { "status": "affected", "version": "7.6.6" }, { "status": "affected", "version": "7.7.7" }, { "status": "affected", "version": "7.7.13" }, { "status": "affected", "version": "7.7.4" }, { "status": "affected", "version": "7.7.8" }, { "status": "affected", "version": "7.7.9" }, { "status": "affected", "version": "7.7.12" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "7.7.5" }, { "status": "affected", "version": "7.7.5.1" }, { "status": "affected", "version": "7.7.6" }, { "status": "affected", "version": "7.7.10" }, { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "7.7.3" }, { "status": "affected", "version": "7.7.11" }, { "status": "affected", "version": "7.8.8" }, { "status": "affected", "version": "7.8.4" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.8.7" }, { "status": "affected", "version": "7.8.9" }, { "status": "affected", "version": "7.8.11" }, { "status": "affected", "version": "7.8.5" }, { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.8.3" }, { "status": "affected", "version": "7.8.6" }, { "status": "affected", "version": "7.8.10" }, { "status": "affected", "version": "8.0.4" }, { "status": "affected", "version": "8.0.8" }, { "status": "affected", "version": "8.0.5" }, { "status": "affected", "version": "8.0.7" }, { "status": "affected", "version": "8.0.2" }, { "status": "affected", "version": "8.0.1" }, { "status": "affected", "version": "8.0.3" }, { "status": "affected", "version": "8.0.6" }, { "status": "affected", "version": "8.1" }, { "status": 
"affected", "version": "8.0" }, { "status": "affected", "version": "8.1.2" }, { "status": "affected", "version": "8.1.4" }, { "status": "affected", "version": "8.1.1" }, { "status": "affected", "version": "8.1.3" } ] }, { "product": "Cisco ConfD Basic", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.0.1" }, { "status": "affected", "version": "8.0.6" }, { "status": "affected", "version": "8.0.4" }, { "status": "affected", "version": "8.0.2" }, { "status": "affected", "version": "8.0.3" }, { "status": "affected", "version": "8.0.5" }, { "status": "affected", "version": "8.0.10" }, { "status": "affected", "version": "8.0.11" }, { "status": "affected", "version": "8.0.7" }, { "status": "affected", "version": "8.0.8" }, { "status": "affected", "version": "8.0.9" }, { "status": "affected", "version": "7.8.3" }, { "status": "affected", "version": "8.0" } ] }, { "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.\n\n\nThis vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-16T14:08:18.634Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nso-rwpesc-qrQGnh3f", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f" }, { "name": "cisco-sa-cnfd-rwpesc-ZAOufyx8", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8" } ], "source": { "advisory": "cisco-sa-nso-rwpesc-qrQGnh3f", "defects": [ "CSCwj67262", "CSCwi31715" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20326", "datePublished": "2024-05-16T14:08:18.634Z", "dateReserved": "2023-11-08T15:08:07.640Z", "dateUpdated": "2024-08-01T21:59:41.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }