Unrated severityNVD Advisory· Published May 16, 2024· Updated Aug 1, 2024

CVE-2024-20326

Description

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.

This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.

Affected products

Cisco/Cisco ConfDv5
Range: 7.3.5
Cisco/Cisco ConfD Basicv5
Range: 8.0.1
Cisco Systems, Inc./Network Services Orchestrator (NSO)cpe-rescue
Range: N/A

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000