Lucene search

CiscoCISCO-SA-NSO-RWPESC-QRQGNH3F

HistoryMay 15, 2024 - 4:00 p.m.

Cisco Crosswork Network Services Orchestrator Vulnerabilities

2024-05-1516:00:00

tools.cisco.com

cisco

crosswork network services orchestrator

cli

vulnerabilities

authenticated

local attacker

arbitrary files

root

operating system

software updates

advisory

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.5%

JSON

Multiple vulnerabilities in the Cisco Crosswork Network Services Orchestrator (NSO) CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f”]

Affected configurations

Vulners

Node

cisconetwork_services_orchestratorMatchany

CPENameOperatorVersion
cisco network services orchestratoreqany
cisco network services orchestratoreqany

CPE	Name	Operator	Version
	cisco network services orchestrator	eq	any
	cisco network services orchestrator	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f