VYPR

ConfD

by Cisco Systems, Inc.

CVEs (3)

  • CVE-2022-20655HigNov 15, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker…

  • CVE-2024-20381Sep 11, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote…

  • CVE-2021-1572Aug 4, 2021
    risk 0.00cvss epss 0.00

    A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The…