CVE-2024-20326

EPSS 0.43%
Veröffentlicht 16.05.2024 14:15:08
Zuletzt bearbeitet 25.07.2025 14:39:47
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the ConfD CLI and the Cisco  Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.


This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Confd Basic Version7.1.7

Cisco ≫ Confd Basic Version7.8.3

Cisco ≫ Confd Basic Version8.0

Cisco ≫ Confd Basic Version8.0.1

Cisco ≫ Confd Basic Version8.0.2

Cisco ≫ Confd Basic Version8.0.3

Cisco ≫ Confd Basic Version8.0.4

Cisco ≫ Confd Basic Version8.0.5

Cisco ≫ Confd Basic Version8.0.6

Cisco ≫ Confd Basic Version8.0.7

Cisco ≫ Confd Basic Version8.0.8

Cisco ≫ Confd Basic Version8.0.9

Cisco ≫ Confd Basic Version8.0.10

Cisco ≫ Confd Basic Version8.0.11

Cisco ≫ Confd Premium Version7.3.5

Cisco ≫ Confd Premium Version7.3.5.1

Cisco ≫ Confd Premium Version7.3.5.2

Cisco ≫ Confd Premium Version7.3.6

Cisco ≫ Confd Premium Version7.4.5

Cisco ≫ Confd Premium Version7.4.5.1

Cisco ≫ Confd Premium Version7.4.5.2

Cisco ≫ Confd Premium Version7.4.5.3

Cisco ≫ Confd Premium Version7.4.6

Cisco ≫ Confd Premium Version7.4.7

Cisco ≫ Confd Premium Version7.4.8

Cisco ≫ Confd Premium Version7.5.3

Cisco ≫ Confd Premium Version7.5.3.1

Cisco ≫ Confd Premium Version7.5.3.2

Cisco ≫ Confd Premium Version7.5.4

Cisco ≫ Confd Premium Version7.5.4.1

Cisco ≫ Confd Premium Version7.5.4.2

Cisco ≫ Confd Premium Version7.5.4.3

Cisco ≫ Confd Premium Version7.5.5

Cisco ≫ Confd Premium Version7.5.5.1

Cisco ≫ Confd Premium Version7.5.6

Cisco ≫ Confd Premium Version7.5.6.1

Cisco ≫ Confd Premium Version7.5.6.2

Cisco ≫ Confd Premium Version7.5.7

Cisco ≫ Confd Premium Version7.5.8

Cisco ≫ Confd Premium Version7.5.9

Cisco ≫ Confd Premium Version7.5.10

Cisco ≫ Confd Premium Version7.6

Cisco ≫ Confd Premium Version7.6.1

Cisco ≫ Confd Premium Version7.6.2

Cisco ≫ Confd Premium Version7.6.3

Cisco ≫ Confd Premium Version7.6.4

Cisco ≫ Confd Premium Version7.6.5

Cisco ≫ Confd Premium Version7.6.6

Cisco ≫ Confd Premium Version7.6.7

Cisco ≫ Confd Premium Version7.6.8

Cisco ≫ Confd Premium Version7.6.8.1

Cisco ≫ Confd Premium Version7.6.9

Cisco ≫ Confd Premium Version7.6.10

Cisco ≫ Confd Premium Version7.6.11

Cisco ≫ Confd Premium Version7.6.12

Cisco ≫ Confd Premium Version7.6.13

Cisco ≫ Confd Premium Version7.6.14

Cisco ≫ Confd Premium Version7.6.14.1

Cisco ≫ Confd Premium Version7.7

Cisco ≫ Confd Premium Version7.7.1

Cisco ≫ Confd Premium Version7.7.2

Cisco ≫ Confd Premium Version7.7.3

Cisco ≫ Confd Premium Version7.7.4

Cisco ≫ Confd Premium Version7.7.5

Cisco ≫ Confd Premium Version7.7.5.1

Cisco ≫ Confd Premium Version7.7.6

Cisco ≫ Confd Premium Version7.7.7

Cisco ≫ Confd Premium Version7.7.8

Cisco ≫ Confd Premium Version7.7.9

Cisco ≫ Confd Premium Version7.7.10

Cisco ≫ Confd Premium Version7.7.11

Cisco ≫ Confd Premium Version7.7.12

Cisco ≫ Confd Premium Version7.7.13

Cisco ≫ Confd Premium Version7.8

Cisco ≫ Confd Premium Version7.8.1

Cisco ≫ Confd Premium Version7.8.2

Cisco ≫ Confd Premium Version7.8.3

Cisco ≫ Confd Premium Version7.8.4

Cisco ≫ Confd Premium Version7.8.5

Cisco ≫ Confd Premium Version7.8.6

Cisco ≫ Confd Premium Version7.8.7

Cisco ≫ Confd Premium Version7.8.8

Cisco ≫ Confd Premium Version7.8.9

Cisco ≫ Confd Premium Version7.8.10

Cisco ≫ Confd Premium Version7.8.11

Cisco ≫ Confd Premium Version8.0

Cisco ≫ Confd Premium Version8.0.1

Cisco ≫ Confd Premium Version8.0.2

Cisco ≫ Confd Premium Version8.0.3

Cisco ≫ Confd Premium Version8.0.4

Cisco ≫ Confd Premium Version8.0.5

Cisco ≫ Confd Premium Version8.0.6

Cisco ≫ Confd Premium Version8.0.7

Cisco ≫ Confd Premium Version8.0.8

Cisco ≫ Confd Premium Version8.1

Cisco ≫ Confd Premium Version8.1.1

Cisco ≫ Confd Premium Version8.1.2

Cisco ≫ Confd Premium Version8.1.3

Cisco ≫ Confd Premium Version8.1.4

Cisco ≫ Crosswork Network Services Orchestrator Version >= 5.3.5 < 5.4

Cisco ≫ Crosswork Network Services Orchestrator Version >= 5.4.5 < 5.5

Cisco ≫ Crosswork Network Services Orchestrator Version >= 5.5.3 < 5.5.10.1

Cisco ≫ Crosswork Network Services Orchestrator Version >= 5.6 < 5.6.14.3

Cisco ≫ Crosswork Network Services Orchestrator Version >= 5.7 < 5.7.15

Cisco ≫ Crosswork Network Services Orchestrator Version >= 5.8 < 5.8.13.1

Cisco ≫ Crosswork Network Services Orchestrator Version >= 6.0 <= 6.0.12

Cisco ≫ Crosswork Network Services Orchestrator Version >= 6.1 <= 6.1.7

Cisco ≫ Crosswork Network Services Orchestrator Version >= 6.2 < 6.2.2

Cisco ≫ Crosswork Network Services Orchestrator Version5.1.7

Cisco ≫ Crosswork Network Services Orchestrator Version6.0.11

Cisco ≫ Crosswork Network Services Orchestrator Version6.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.617

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20326

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20326

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20326

EUVD