Back

CVE-2024-20383

May 15, 2024, 7:15 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

Cisco Crosswork NSO

ConfD

Cisco Crosswork NSO CLI

ConfD CLI

Source

ykramarz@cisco.com

Tags

CWE-79
ykramarz@cisco.com
2024-05-15
CVE-2024-20383

CVE-2024-20383 details

Published : May 15, 2024, 6:15 p.m.
Last Modified : May 15, 2024, 7:15 p.m.

Description

A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.

CVSS Score

1 2 3 4.8 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.8

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References

URL Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD ykramarz@cisco.com
This website uses the NVD API, but is not approved or certified by it.