CVE-2024-20383

A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.
Configurations

No configuration.

History

21 Nov 2024, 08:52

Type: References
Values Removed: () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD -
Values Added: () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD -

Type: Summary
Values Added:
  • (es) A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.

15 May 2024, 19:15

Type: Summary
Values Removed: (en) A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
Values Added: (en) A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.

15 May 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-15 18:15

Updated : 2024-11-21 08:52


NVD link : CVE-2024-20383

Mitre link : CVE-2024-20383

CVE.ORG link : CVE-2024-20383


Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')