Arbitrary File Read and Write Vulnerability in Cisco ConfD and Crosswork Network Services Orchestrator CLI
CVE-2024-20326
7.8HIGH
Key Information
- Vendor
- Cisco
- Status
- Cisco Confd
- Cisco Confd Basic
- Cisco Network Services Orchestrator
- Vendor
- CVE Published:
- 16 May 2024
Badges
👾 Exploit Exists
Summary
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
Affected Version(s)
Cisco ConfD = 7.3.5
Cisco ConfD = 7.3.5.2
Cisco ConfD = 7.3.5.1
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
- 👾
Exploit exists.
Collectors
NVD DatabaseMitre Database