ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities

2024-05-1516:00:00

tools.cisco.com

confd

cli

privilege escalation

arbitrary file read

arbitrary file write

vulnerabilities

cisco

software updates

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.3%

JSON

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8”]

CPENameOperatorVersion
cisco confdeqany
cisco confd basiceqany
cisco confdeqany
cisco confd basiceqany

Name	Operator	Version
cisco confd	eq	any
cisco confd basic	eq	any
cisco confd	eq	any
cisco confd basic	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8