← Back

CVE-2024-20389

nvd nist
Published: May 16, 2024Modified: Jul 30, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.

Affected (3)

Cisco
2 products
Crosswork Network Services Orchestrator
Confd Basic
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Crosswork Network Services Orchestrator
Version 6.2.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Crosswork Network Services Orchestrator
Version 6.0.11
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Confd Basic
Version 8.0.11

Related CWEs

CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.