EUVD-2024-18104

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Vulnerability in ConfD CLI and Cisco Crosswork CLI allows low-privileged attacker file access as root.

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the Command Line Interface (CLI) of the Cisco Crosswork Network Services Orchestrator software environment allows a malicious actor to escalate their privileges.	24 Jun 202400:00	–	bdu_fstec
Cisco	ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities	15 May 202416:00	–	cisco
Cisco	Cisco Crosswork Network Services Orchestrator Vulnerabilities	15 May 202416:00	–	cisco
CNNVD	Cisco Crosswork Network Services Orchestrator 安全漏洞	16 May 202400:00	–	cnnvd
CVE	CVE-2024-20389	16 May 202414:08	–	cve
Cvelist	CVE-2024-20389	16 May 202414:08	–	cvelist
NVD	CVE-2024-20389	16 May 202414:15	–	nvd
RedhatCVE	CVE-2024-20389	5 Feb 202501:18	–	redhatcve
Vulnrichment	CVE-2024-20389	16 May 202414:08	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "8b16d04b-0b69-32e9-8864-35603ec777d5",
        "vendor": {
          "name": "Cisco"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "52e61033-252d-3f9a-a12a-eebe3f514b9c",
        "product": {
          "name": "Cisco Network Services Orchestrator"
        },
        "product_version": "6.0.11"
      },
      {
        "id": "a543ff46-cd89-3b06-a325-d27ba0659067",
        "product": {
          "name": "Cisco ConfD"
        },
        "product_version": "N/A"
      },
      {
        "id": "e60f20ae-3de6-3d32-bcf0-ee29f7451e17",
        "product": {
          "name": "Cisco ConfD Basic"
        },
        "product_version": "8.0.11"
      }
    ]
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.8

EPSS0.00107

SSVC