Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0772
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | Crosswork NSO | Crosswork NSO versions 6.1.x antérieures à 6.1.9 | ||
Cisco | Routed Passive Optical Network Controller | Routed Passive Optical Network Controller versions antérieures à 24.4.1 | ||
Cisco | IOS XR | IOS XR versions postérieures à 24.1.x et antérieures à 24.2.2 | ||
Cisco | Crosswork NSO | Crosswork NSO versions 6.2.x antérieures à 6.2.3 | ||
Cisco | IOS XR | IOS XR versions 24.4.x antérieures à 24.4.1 | ||
Cisco | Crosswork NSO | Crosswork NSO versions 5.8.x antérieures à 5.8.13.1 | ||
Cisco | ConfD | ConfD versions 7.7.x antérieures à 7.7.16 | ||
Cisco | Crosswork NSO | Crosswork NSO versions 5.5.x antérieures à 5.5.10.1 | ||
Cisco | ConfD | ConfD versions 7.5.x antérieures à 7.5.10.2 | ||
Cisco | Crosswork NSO | Crosswork NSO versions 6.0.x antérieures à 6.0.13 | ||
Cisco | Crosswork NSO | Crosswork NSO versions 5.7.x antérieures à 5.7.16 | ||
Cisco | IOS XR | IOS XR versions postérieures à 7.10.x antérieures à 7.11.21 | ||
Cisco | Crosswork NSO | Crosswork NSO versions 5.6.x antérieures à 5.6.14.3 | ||
Cisco | ConfD | ConfD versions 8.0.x antérieures à 8.0.13 | ||
Cisco | Optical Site Manager | Optical Site Manager versions antérieures à 24.3.1 |
References
Title | Publication Time | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Crosswork NSO versions 6.1.x ant\u00e9rieures \u00e0 6.1.9", "product": { "name": "Crosswork NSO", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Routed Passive Optical Network Controller versions ant\u00e9rieures \u00e0 24.4.1", "product": { "name": "Routed Passive Optical Network Controller", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR versions post\u00e9rieures \u00e0 24.1.x et ant\u00e9rieures \u00e0 24.2.2 ", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Crosswork NSO versions 6.2.x ant\u00e9rieures \u00e0 6.2.3", "product": { "name": "Crosswork NSO", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR versions 24.4.x ant\u00e9rieures \u00e0 24.4.1", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Crosswork NSO versions 5.8.x ant\u00e9rieures \u00e0 5.8.13.1", "product": { "name": "Crosswork NSO", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ConfD versions 7.7.x ant\u00e9rieures \u00e0 7.7.16", "product": { "name": "ConfD", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Crosswork NSO versions 5.5.x ant\u00e9rieures \u00e0 5.5.10.1", "product": { "name": "Crosswork NSO", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ConfD versions 7.5.x ant\u00e9rieures \u00e0 7.5.10.2", "product": { "name": "ConfD", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Crosswork NSO versions 6.0.x ant\u00e9rieures \u00e0 6.0.13", "product": { "name": "Crosswork NSO", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Crosswork NSO versions 5.7.x ant\u00e9rieures \u00e0 5.7.16", "product": { "name": "Crosswork NSO", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR versions post\u00e9rieures \u00e0 7.10.x ant\u00e9rieures \u00e0 7.11.21", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Crosswork NSO versions 5.6.x ant\u00e9rieures \u00e0 5.6.14.3", "product": { "name": "Crosswork NSO", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ConfD versions 8.0.x ant\u00e9rieures \u00e0 8.0.13", "product": { "name": "ConfD", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Optical Site Manager versions ant\u00e9rieures \u00e0 24.3.1", "product": { "name": "Optical Site Manager", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-20406", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20406" }, { "name": "CVE-2024-20483", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20483" }, { "name": "CVE-2024-20317", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20317" }, { "name": "CVE-2024-20489", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20489" }, { "name": "CVE-2024-20398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20398" }, { "name": "CVE-2024-20381", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20381" }, { "name": "CVE-2024-20304", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20304" } ], "initial_release_date": "2024-09-12T00:00:00", "last_revision_date": "2024-09-12T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0772", "revisions": [ { "description": "Version initiale", "revision_date": "2024-09-12T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": "2024-09-11", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nso-auth-bypass-QnTEesp", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp" }, { "published_at": "2024-09-11", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-ponctlr-ci-OHcHmsFL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL" }, { "published_at": "2024-09-11", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-isis-xehpbVNe", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe" }, { "published_at": "2024-09-11", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-l2services-2mvHdNuC", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC" }, { "published_at": "2024-09-11", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-priv-esc-CrG5vhCq", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq" }, { "published_at": "2024-09-11", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-pak-mem-exhst-3ke9FeFy", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy" } ] }
CVE-2024-20317 (GCVE-0-2024-20317)
Vulnerability from cvelistv5
Published
2024-09-11 16:38
Modified
2024-09-11 20:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-684 - Incorrect Provision of Specified Functionality
Summary
A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition.
This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XR Software |
Version: 7.7.1 Version: 7.8.1 Version: 7.7.2 Version: 7.9.1 Version: 7.8.2 Version: 7.8.22 Version: 7.10.1 Version: 7.7.21 Version: 7.9.2 Version: 7.9.21 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20317", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T20:37:33.903637Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T20:38:58.530Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "7.9.1" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.8.22" }, { "status": "affected", "version": "7.10.1" }, { "status": "affected", "version": "7.7.21" }, { "status": "affected", "version": "7.9.2" }, { "status": "affected", "version": "7.9.21" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-684", "description": "Incorrect Provision of Specified Functionality", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T16:38:33.082Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-l2services-2mvHdNuC", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC" } ], "source": { "advisory": "cisco-sa-l2services-2mvHdNuC", "defects": [ "CSCwh30122" ], "discovery": "EXTERNAL" }, "title": "Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20317", "datePublished": "2024-09-11T16:38:33.082Z", "dateReserved": "2023-11-08T15:08:07.632Z", "dateUpdated": "2024-09-11T20:38:58.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-20406 (GCVE-0-2024-20406)
Vulnerability from cvelistv5
Published
2024-09-11 16:38
Modified
2024-09-11 20:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition.
Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XR Software |
Version: 7.4.1 Version: 6.8.1 Version: 7.4.15 Version: 7.5.1 Version: 7.4.16 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.7.1 Version: 6.8.2 Version: 7.4.2 Version: 6.9.1 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 7.6.3 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20406", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T20:38:32.503942Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T20:38:41.758Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "6.8.1" }, { "status": "affected", "version": "7.4.15" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "7.4.16" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.5.2" }, { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.6.15" }, { "status": "affected", "version": "7.5.12" }, { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "6.8.2" }, { "status": "affected", "version": "7.4.2" }, { "status": "affected", "version": "6.9.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.5.3" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "6.9.2" }, { "status": "affected", "version": "7.9.1" }, { "status": "affected", "version": "7.10.1" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.5.4" }, { "status": "affected", "version": "7.8.22" }, { "status": "affected", "version": "7.7.21" }, { "status": "affected", "version": "7.9.2" }, { "status": "affected", "version": "7.5.5" }, { "status": "affected", "version": "7.11.1" }, { "status": "affected", "version": "7.9.21" }, { "status": "affected", "version": "7.10.2" }, { "status": "affected", "version": "7.6.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition.\r\nNote: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T16:38:50.133Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-isis-xehpbVNe", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe" } ], "source": { "advisory": "cisco-sa-isis-xehpbVNe", "defects": [ "CSCwi39542" ], "discovery": "EXTERNAL" }, "title": "Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20406", "datePublished": "2024-09-11T16:38:50.133Z", "dateReserved": "2023-11-08T15:08:07.661Z", "dateUpdated": "2024-09-11T20:38:41.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-20489 (GCVE-0-2024-20489)
Vulnerability from cvelistv5
Published
2024-09-11 16:39
Modified
2024-09-11 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-256 - Unprotected Storage of Credentials
Summary
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.
This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XR Software |
Version: 24.1.1 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 Version: 24.3.1 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xr", "vendor": "cisco", "versions": [ { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" }, { "status": "affected", "version": "24.3.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20489", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T20:04:09.480088Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T20:12:26.719Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" }, { "status": "affected", "version": "24.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\r\n\r\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-256", "description": "Unprotected Storage of Credentials", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T16:39:06.449Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL" } ], "source": { "advisory": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL", "defects": [ "CSCwi81017" ], "discovery": "INTERNAL" }, "title": "Cisco Routed Passive Optical Network Cleartext Password Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20489", "datePublished": "2024-09-11T16:39:06.449Z", "dateReserved": "2023-11-08T15:08:07.685Z", "dateUpdated": "2024-09-11T20:12:26.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-20483 (GCVE-0-2024-20483)
Vulnerability from cvelistv5
Published
2024-09-11 16:38
Modified
2024-09-20 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root.
These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XR Software |
Version: 24.1.1 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 Version: 24.3.1 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xr", "vendor": "cisco", "versions": [ { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" }, { "status": "affected", "version": "24.3.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20483", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-20T03:55:21.862Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" }, { "status": "affected", "version": "24.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root.\r\n\r\nThese vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T16:38:57.862Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL" } ], "source": { "advisory": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL", "defects": [ "CSCwi81011" ], "discovery": "INTERNAL" }, "title": "Cisco IOS XR PON Controller Command Injection Vulnerabilities" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20483", "datePublished": "2024-09-11T16:38:57.862Z", "dateReserved": "2023-11-08T15:08:07.684Z", "dateUpdated": "2024-09-20T03:55:21.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-20304 (GCVE-0-2024-20304)
Vulnerability from cvelistv5
Published
2024-09-11 16:39
Modified
2024-09-11 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.
This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.
Note: This vulnerability can be exploited using IPv4 or IPv6.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XR Software |
Version: 7.8.1 Version: 7.8.12 Version: 7.7.1 Version: 7.7.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xr", "vendor": "cisco", "versions": [ { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.8.12" }, { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "7.9.1" }, { "status": "affected", "version": "7.10.1" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.8.22" }, { "status": "affected", "version": "7.7.21" }, { "status": "affected", "version": "7.9.2" }, { "status": "affected", "version": "7.11.1" }, { "status": "affected", "version": "7.9.21" }, { "status": "affected", "version": "7.10.2" }, { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "7.11.2" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20304", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T20:05:37.476896Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T20:11:14.196Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.8.12" }, { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "7.9.1" }, { "status": "affected", "version": "7.10.1" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.8.22" }, { "status": "affected", "version": "7.7.21" }, { "status": "affected", "version": "7.9.2" }, { "status": "affected", "version": "7.11.1" }, { "status": "affected", "version": "7.9.21" }, { "status": "affected", "version": "7.10.2" }, { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "7.11.2" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.\r\n\r\nThis vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.\r\nNote: This vulnerability can be exploited using IPv4 or IPv6." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T16:39:54.503Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-pak-mem-exhst-3ke9FeFy", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy" } ], "source": { "advisory": "cisco-sa-pak-mem-exhst-3ke9FeFy", "defects": [ "CSCwk63828" ], "discovery": "EXTERNAL" }, "title": "Cisco IOS XR Software Packet Memory Exhaustion Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20304", "datePublished": "2024-09-11T16:39:54.503Z", "dateReserved": "2023-11-08T15:08:07.630Z", "dateUpdated": "2024-09-11T20:11:14.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-20381 (GCVE-0-2024-20381)
Vulnerability from cvelistv5
Published
2024-09-11 16:38
Modified
2024-09-27 13:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.
This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.29 Version: 6.5.1 Version: 6.6.1 Version: 6.5.2 Version: 6.5.92 Version: 6.5.15 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.5.26 Version: 6.6.11 Version: 6.5.25 Version: 6.5.28 Version: 6.5.93 Version: 6.6.12 Version: 6.5.90 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 6.7.1 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 6.7.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 7.1.25 Version: 6.6.4 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 6.7.3 Version: 7.4.1 Version: 7.2.2 Version: 6.7.4 Version: 6.5.31 Version: 7.3.15 Version: 7.3.16 Version: 6.8.1 Version: 7.4.15 Version: 6.5.32 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.8.12 Version: 7.3.3 Version: 7.7.1 Version: 6.8.2 Version: 7.3.4 Version: 7.4.2 Version: 6.7.35 Version: 6.9.1 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 6.5.33 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.5.52 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 |
||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "network_services_orchestrator", "vendor": "cisco", "versions": [ { "status": "affected", "version": "5.4.1" }, { "status": "affected", "version": "5.3.1" } ] }, { "cpes": [ "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "small_business_rv_series_router_firmware", "vendor": "cisco", "versions": [ { "status": "affected", "version": "1.0.01.17" }, { "status": "affected", "version": "1.0.03.17" } ] }, { "cpes": [ "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xr", "vendor": "cisco", "versions": [ { "status": "affected", "version": "6.5.3" }, { "status": "affected", "version": "6.5.29" }, { "status": "affected", "version": "6.5.1" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.5.2" }, { "status": "affected", "version": "6.5.92" }, { "status": "affected", "version": "6.5.15" }, { "status": "affected", "version": "6.6.2" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.6.25" }, { "status": "affected", "version": "6.5.28" }, { "status": "affected", "version": "6.5.93" }, { "status": "affected", "version": "6.6.12" }, { "status": "affected", "version": "6.5.90" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.0.90" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "6.7.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.1.15" }, { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "6.7.2" }, { "status": "affected", "version": "7.0.11" }, { "status": "affected", "version": "7.0.12" }, { "status": "affected", "version": "7.0.14" }, { "status": "affected", "version": "7.1.25" }, { "status": "affected", "version": "6.6.4" }, { "status": "affected", "version": "7.2.12" }, { "status": "affected", "version": "7.3.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20381", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-27T03:55:16.289362Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-27T13:58:21.912Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.5.3" }, { "status": "affected", "version": "6.5.29" }, { "status": "affected", "version": "6.5.1" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.5.2" }, { "status": "affected", "version": "6.5.92" }, { "status": "affected", "version": "6.5.15" }, { "status": "affected", "version": "6.6.2" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.6.25" }, { "status": "affected", "version": "6.5.26" }, { "status": "affected", "version": "6.6.11" }, { "status": "affected", "version": "6.5.25" }, { "status": "affected", "version": "6.5.28" }, { "status": "affected", "version": "6.5.93" }, { "status": "affected", "version": "6.6.12" }, { "status": "affected", "version": "6.5.90" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.0.90" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "6.7.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.1.15" }, { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "6.7.2" }, { "status": "affected", "version": "7.0.11" }, { "status": "affected", "version": "7.0.12" }, { "status": "affected", "version": "7.0.14" }, { "status": "affected", "version": "7.1.25" }, { "status": "affected", "version": "6.6.4" }, { "status": "affected", "version": "7.2.12" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.1.3" }, { "status": "affected", "version": "6.7.3" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.2.2" }, { "status": "affected", "version": "6.7.4" }, { "status": "affected", "version": "6.5.31" }, { "status": "affected", "version": "7.3.15" }, { "status": "affected", "version": "7.3.16" }, { "status": "affected", "version": "6.8.1" }, { "status": "affected", "version": "7.4.15" }, { "status": "affected", "version": "6.5.32" }, { "status": "affected", "version": "7.3.2" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "7.4.16" }, { "status": "affected", "version": "7.3.27" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.5.2" }, { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.6.15" }, { "status": "affected", "version": "7.5.12" }, { "status": "affected", "version": "7.8.12" }, { "status": "affected", "version": "7.3.3" }, { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "6.8.2" }, { "status": "affected", "version": "7.3.4" }, { "status": "affected", "version": "7.4.2" }, { "status": "affected", "version": "6.7.35" }, { "status": "affected", "version": "6.9.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.5.3" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "6.9.2" }, { "status": "affected", "version": "7.9.1" }, { "status": "affected", "version": "7.10.1" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.5.4" }, { "status": "affected", "version": "6.5.33" }, { "status": "affected", "version": "7.8.22" }, { "status": "affected", "version": "7.7.21" }, { "status": "affected", "version": "7.9.2" }, { "status": "affected", "version": "7.3.5" }, { "status": "affected", "version": "7.5.5" }, { "status": "affected", "version": "7.11.1" }, { "status": "affected", "version": "7.9.21" }, { "status": "affected", "version": "7.10.2" }, { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "7.6.3" }, { "status": "affected", "version": "7.3.6" }, { "status": "affected", "version": "7.5.52" }, { "status": "affected", "version": "7.11.2" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" } ] }, { "defaultStatus": "unknown", "product": "Cisco Network Services Orchestrator", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "5.4.1" }, { "status": "affected", "version": "5.3.1" }, { "status": "affected", "version": "4.4.1" }, { "status": "affected", "version": "5.2.1.1" }, { "status": "affected", "version": "5.4.0.1" }, { "status": "affected", "version": "4.7.1" }, { "status": "affected", "version": "5.2.0.3" }, { "status": "affected", "version": "5.2.1" }, { "status": "affected", "version": "5.1.2" }, { "status": "affected", "version": "5.4" }, { "status": "affected", "version": "4.5.1" }, { "status": "affected", "version": "5.4.0.2" }, { "status": "affected", "version": "4.7.3" }, { "status": "affected", "version": "5.2.0.4" }, { "status": "affected", "version": "5.1.1.1" }, { "status": "affected", "version": "5.1.1.3" }, { "status": "affected", "version": "5.2.3.2" }, { "status": "affected", "version": "5.4.1.1" }, { "status": "affected", "version": "5.5" }, { "status": "affected", "version": "5.4.2" }, { "status": "affected", "version": "5.5.1" }, { "status": "affected", "version": "5.4.3" }, { "status": "affected", "version": "5.4.3.1" }, { "status": "affected", "version": "5.5.2" }, { "status": "affected", "version": "5.3.4.3" }, { "status": "affected", "version": "5.5.2.1" }, { "status": "affected", "version": "5.5.2.2" }, { "status": "affected", "version": "5.4.3.2" }, { "status": "affected", "version": "5.5.2.3" }, { "status": "affected", "version": "5.4.4" }, { "status": "affected", "version": "5.4.4.1" }, { "status": "affected", "version": "5.5.2.4" }, { "status": "affected", "version": "5.5.2.5" }, { "status": "affected", "version": "5.5.2.6" }, { "status": "affected", "version": "5.4.4.2" }, { "status": "affected", "version": "5.4.3.3" }, { "status": "affected", "version": "5.5.2.7" }, { "status": "affected", "version": "5.5.2.8" }, { "status": "affected", "version": "5.4.3.4" }, { "status": "affected", "version": "5.4.4.3" }, { "status": "affected", "version": "5.6" }, { "status": "affected", "version": "5.5.2.9" }, { "status": "affected", "version": "5.5.3" }, { "status": "affected", "version": "5.5.2.10" }, { "status": "affected", "version": "5.6.1" }, { "status": "affected", "version": "5.5.2.11" }, { "status": "affected", "version": "5.6.2" }, { "status": "affected", "version": "5.5.3.1" }, { "status": "affected", "version": "5.4.5" }, { "status": "affected", "version": "5.4.5.1" }, { "status": "affected", "version": "5.5.4" }, { "status": "affected", "version": "5.6.3" }, { "status": "affected", "version": "5.5.4.1" }, { "status": "affected", "version": "5.7" }, { "status": "affected", "version": "5.5.2.12" }, { "status": "affected", "version": "5.4.2.1" }, { "status": "affected", "version": "5.6.3.1" }, { "status": "affected", "version": "5.4.5.2" }, { "status": "affected", "version": "5.7.1" }, { "status": "affected", "version": "5.7.1.1" }, { "status": "affected", "version": "5.6.4" }, { "status": "affected", "version": "5.4.2.2" }, { "status": "affected", "version": "5.4.6" }, { "status": "affected", "version": "5.7.2" }, { "status": "affected", "version": "5.7.2.1" }, { "status": "affected", "version": "5.6.5" }, { "status": "affected", "version": "5.5.5" }, { "status": "affected", "version": "5.7.3" }, { "status": "affected", "version": "5.8" }, { "status": "affected", "version": "5.6.6.1" }, { "status": "affected", "version": "5.7.5.1" }, { "status": "affected", "version": "5.6.7.1" }, { "status": "affected", "version": "5.6.7" }, { "status": "affected", "version": "5.5.6.1" }, { "status": "affected", "version": "5.8.1" }, { "status": "affected", "version": "5.6.6" }, { "status": "affected", "version": "5.4.7" }, { "status": "affected", "version": "5.8.2.1" }, { "status": "affected", "version": "5.7.5" }, { "status": "affected", "version": "5.7.4" }, { "status": "affected", "version": "5.8.2" }, { "status": "affected", "version": "5.5.6" }, { "status": "affected", "version": "5.6.7.2" }, { "status": "affected", "version": "5.7.6" }, { "status": "affected", "version": "5.7.6.1" }, { "status": "affected", "version": "5.8.3" }, { "status": "affected", "version": "5.6.8" }, { "status": "affected", "version": "5.7.6.2" }, { "status": "affected", "version": "5.8.4" }, { "status": "affected", "version": "5.5.7" }, { "status": "affected", "version": "5.7.7" }, { "status": "affected", "version": "5.6.9" }, { "status": "affected", "version": "5.6.8.1" }, { "status": "affected", "version": "5.8.5" }, { "status": "affected", "version": "5.5.8" }, { "status": "affected", "version": "5.7.8" }, { "status": "affected", "version": "5.4.7.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "5.7.8.1" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "5.6.10" }, { "status": "affected", "version": "5.8.6" }, { "status": "affected", "version": "6.0.1.1" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "5.7.9" }, { "status": "affected", "version": "5.5.9" }, { "status": "affected", "version": "5.6.11" }, { "status": "affected", "version": "5.8.7" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "5.7.10" }, { "status": "affected", "version": "5.6.12" }, { "status": "affected", "version": "5.8.8" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "5.5.10" }, { "status": "affected", "version": "5.7.10.1" }, { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "5.7.6.3" }, { "status": "affected", "version": "5.7.11" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "5.6.13" }, { "status": "affected", "version": "5.8.9" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "5.7.10.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "5.7.12" }, { "status": "affected", "version": "6.1.2" }, { "status": "affected", "version": "5.6.14" }, { "status": "affected", "version": "6.1.2.1" }, { "status": "affected", "version": "5.8.10" }, { "status": "affected", "version": "6.0.7" }, { "status": "affected", "version": "6.1.3" }, { "status": "affected", "version": "5.7.13" }, { "status": "affected", "version": "5.8.11" }, { "status": "affected", "version": "6.1.3.1" }, { "status": "affected", "version": "6.0.8" }, { "status": "affected", "version": "6.1.4" }, { "status": "affected", "version": "5.6.14.1" }, { "status": "affected", "version": "5.8.12" }, { "status": "affected", "version": "6.0.9" }, { "status": "affected", "version": "6.1.5" }, { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "5.8.13" }, { "status": "affected", "version": "5.7.14" }, { "status": "affected", "version": "6.0.10" }, { "status": "affected", "version": "6.1.6" }, { "status": "affected", "version": "6.1.6.1" }, { "status": "affected", "version": "6.0.11" }, { "status": "affected", "version": "6.1.7" }, { "status": "affected", "version": "6.2.2" }, { "status": "affected", "version": "5.7.15" }, { "status": "affected", "version": "6.1.3.2" }, { "status": "affected", "version": "6.1.7.1" }, { "status": "affected", "version": "6.0.12" }, { "status": "affected", "version": "6.1.8" }, { "status": "affected", "version": "5.7.9.1" }, { "status": "affected", "version": "5.7.15.1" }, { "status": "affected", "version": "6.1.10" }, { "status": "affected", "version": "6.1.11" }, { "status": "affected", "version": "5.1.4.3" }, { "status": "affected", "version": "6.1.11.1" }, { "status": "affected", "version": "6.1.11.2" }, { "status": "affected", "version": "5.7.17" }, { "status": "affected", "version": "6.1.12" } ] }, { "defaultStatus": "unknown", "product": "Cisco Small Business RV Series Router Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "1.0.01.17" }, { "status": "affected", "version": "1.0.03.17" }, { "status": "affected", "version": "1.0.01.16" }, { "status": "affected", "version": "1.0.01.18" }, { "status": "affected", "version": "1.0.00.29" }, { "status": "affected", "version": "1.0.03.16" }, { "status": "affected", "version": "1.0.03.15" }, { "status": "affected", "version": "1.0.02.16" }, { "status": "affected", "version": "1.0.01.20" }, { "status": "affected", "version": "1.0.00.33" }, { "status": "affected", "version": "1.0.03.18" }, { "status": "affected", "version": "1.0.03.19" }, { "status": "affected", "version": "1.0.03.20" }, { "status": "affected", "version": "1.0.03.21" }, { "status": "affected", "version": "1.0.03.22" }, { "status": "affected", "version": "1.0.03.24" }, { "status": "affected", "version": "1.0.03.26" }, { "status": "affected", "version": "1.0.03.27" }, { "status": "affected", "version": "1.0.03.28" }, { "status": "affected", "version": "1.0.03.29" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "Improper Authorization", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-25T16:24:52.271Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nso-auth-bypass-QnTEesp", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp" } ], "source": { "advisory": "cisco-sa-nso-auth-bypass-QnTEesp", "defects": [ "CSCwj26769" ], "discovery": "INTERNAL" }, "title": "Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20381", "datePublished": "2024-09-11T16:38:42.096Z", "dateReserved": "2023-11-08T15:08:07.656Z", "dateUpdated": "2024-09-27T13:58:21.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-20398 (GCVE-0-2024-20398)
Vulnerability from cvelistv5
Published
2024-09-11 16:38
Modified
2024-09-12 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.29 Version: 6.5.1 Version: 6.6.1 Version: 6.5.2 Version: 6.5.92 Version: 6.5.15 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.5.26 Version: 6.6.11 Version: 6.5.25 Version: 6.5.28 Version: 6.5.93 Version: 6.6.12 Version: 6.5.90 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 7.1.25 Version: 6.6.4 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 7.4.1 Version: 7.2.2 Version: 6.5.31 Version: 7.3.15 Version: 7.3.16 Version: 7.4.15 Version: 6.5.32 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.8.12 Version: 7.3.3 Version: 7.7.1 Version: 7.3.4 Version: 7.4.2 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 6.5.33 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.5.52 Version: 7.11.2 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xr_software:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xr_software", "vendor": "cisco", "versions": [ { "lessThanOrEqual": "7.11.2", "status": "affected", "version": "6.5.3", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20398", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T03:55:39.920Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.5.3" }, { "status": "affected", "version": "6.5.29" }, { "status": "affected", "version": "6.5.1" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.5.2" }, { "status": "affected", "version": "6.5.92" }, { "status": "affected", "version": "6.5.15" }, { "status": "affected", "version": "6.6.2" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.6.25" }, { "status": "affected", "version": "6.5.26" }, { "status": "affected", "version": "6.6.11" }, { "status": "affected", "version": "6.5.25" }, { "status": "affected", "version": "6.5.28" }, { "status": "affected", "version": "6.5.93" }, { "status": "affected", "version": "6.6.12" }, { "status": "affected", "version": "6.5.90" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.0.90" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.1.15" }, { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "7.0.11" }, { "status": "affected", "version": "7.0.12" }, { "status": "affected", "version": "7.0.14" }, { "status": "affected", "version": "7.1.25" }, { "status": "affected", "version": "6.6.4" }, { "status": "affected", "version": "7.2.12" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.1.3" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.2.2" }, { "status": "affected", "version": "6.5.31" }, { "status": "affected", "version": "7.3.15" }, { "status": "affected", "version": "7.3.16" }, { "status": "affected", "version": "7.4.15" }, { "status": "affected", "version": "6.5.32" }, { "status": "affected", "version": "7.3.2" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "7.4.16" }, { "status": "affected", "version": "7.3.27" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.5.2" }, { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.6.15" }, { "status": "affected", "version": "7.5.12" }, { "status": "affected", "version": "7.8.12" }, { "status": "affected", "version": "7.3.3" }, { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "7.3.4" }, { "status": "affected", "version": "7.4.2" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.5.3" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "7.9.1" }, { "status": "affected", "version": "7.10.1" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.5.4" }, { "status": "affected", "version": "6.5.33" }, { "status": "affected", "version": "7.8.22" }, { "status": "affected", "version": "7.7.21" }, { "status": "affected", "version": "7.9.2" }, { "status": "affected", "version": "7.3.5" }, { "status": "affected", "version": "7.5.5" }, { "status": "affected", "version": "7.11.1" }, { "status": "affected", "version": "7.9.21" }, { "status": "affected", "version": "7.10.2" }, { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "7.6.3" }, { "status": "affected", "version": "7.3.6" }, { "status": "affected", "version": "7.5.52" }, { "status": "affected", "version": "7.11.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T16:38:23.982Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-iosxr-priv-esc-CrG5vhCq", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq" } ], "source": { "advisory": "cisco-sa-iosxr-priv-esc-CrG5vhCq", "defects": [ "CSCwj25248" ], "discovery": "EXTERNAL" }, "title": "Cisco IOS XR Software Local Privilege Escalation Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20398", "datePublished": "2024-09-11T16:38:23.982Z", "dateReserved": "2023-11-08T15:08:07.660Z", "dateUpdated": "2024-09-12T03:55:39.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…