Cisco NSO Vulnerability Allows Elevation of Privileges
Key Information
- Vendor
- Cisco
- Status
- Cisco Network Services Orchestrator
- Vendor
- CVE Published:
- 15 May 2024
Badges
Summary
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.
Affected Version(s)
Cisco Network Services Orchestrator = 5.4
Cisco Network Services Orchestrator = 5.5
Cisco Network Services Orchestrator = 5.6
CVSS V3.1
Timeline
Vulnerability published.
Vulnerability Reserved.
- 👾
Exploit exists.