Cisco ConfD JSON-RPC API Vulnerability Could Allow Remote Authenticated Attacker to Modify Configuration
CVE-2024-20381
Severity score: 8.8 (HIGH)
Key Information:
- Vendor: Cisco
- Status:
- CVE Published: 11 September 2024
What is CVE-2024-20381?
A vulnerability exists in the JSON-RPC API feature of Cisco Crosswork Network Services Orchestrator (NSO) and ConfD, which is used by the management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers. The vulnerability is caused by improper authorization checks in the API: an authenticated, remote attacker could send malicious requests to the API that the authorization logic does not correctly reject. A successful exploit could allow the attacker to modify the configuration of the affected application or device, for example to create new user accounts or elevate their own privileges within the system.
Affected Version(s):
- Cisco IOS XR Software 6.5.3
- Cisco IOS XR Software 6.5.29
- Cisco IOS XR Software 6.5.1