Lucene search
K

113 matches found

NVD
NVD
added 2024/11/15 4:15 p.m.23 views

CVE-2022-20655

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

8.8CVSS0.00832EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/15 3:56 p.m.33 views

CVE-2022-20655

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

8.8CVSS0.00832EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/15 3:56 p.m.15 views

CVE-2022-20655

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

8.8CVSS7.8AI score0.00832EPSS
Exploits0References2
NVD
NVD
added 2024/09/11 5:15 p.m.29 views

CVE-2024-20381

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS0.00576EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/11 4:38 p.m.27 views

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS6.9AI score0.00576EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/11 4:38 p.m.32 views

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS0.00576EPSS
Exploits0References1
Cisco
Cisco
added 2024/09/11 4:0 p.m.28 views

Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS8.7AI score0.00576EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.9 views

PT-2024-10394 · Cisco · Cisco Optical Site Manager +3

Name of the Vulnerable Software and Affected Versions: Cisco Crosswork Network Services Orchestrator NSO affected versions not specified Cisco ConfD affected versions not specified Cisco Optical Site Manager affected versions not specified Cisco RV340 Dual WAN Gigabit VPN Routers affected version...

9CVSS7AI score0.00576EPSS
Exploits0References17
BDU FSTEC
BDU FSTEC
added 2024/05/30 12:0 a.m.6 views

The vulnerability of the Command Line Interface (CLI) of the Cisco Network Services Orchestrator software environment allows a malicious actor to elevate their privileges to the root user level. This vulnerability enables a hacker to gain control over network elements called ConfD.

The vulnerability of the command-line interface CLI of the Cisco Network Services Orchestrator software environment relates to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root user level...

7.8CVSS5.4AI score0.00342EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/24 12:0 a.m.49 views

Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email could allow an authenticated, remote attacker to conduct an XSS attack again...

8.4CVSS6.1AI score0.00351EPSS
Exploits0References10
OSV
OSV
added 2024/05/16 2:15 p.m.6 views

CVE-2024-20326

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS6AI score0.00342EPSS
Exploits0References2
NVD
NVD
added 2024/05/16 2:15 p.m.28 views

CVE-2024-20389

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.7AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2024/05/16 2:15 p.m.23 views

CVE-2024-20326

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.7AI score0.00342EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/16 2:8 p.m.14 views

CVE-2024-20389

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.1AI score0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/16 2:8 p.m.44 views

CVE-2024-20389

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.9AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2024/05/16 2:8 p.m.72 views

CVE-2024-20389

CVE-2024-20389 affects the ConfD CLI and Cisco Crosswork NSO CLI. The issue stems from improper authorization enforcement when specific CLI commands are used, allowing an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying OS. Exploitation is ...

7.8CVSS6.9AI score0.00177EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/16 2:8 p.m.98 views

CVE-2024-20326

The CVE-2024-20326 entry applies to Cisco ConfD CLI and Cisco Crosswork NSO CLI. The vulnerability stems from improper authorization enforcement for specific CLI commands, allowing an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying OS. Exp...

7.8CVSS6.9AI score0.00342EPSS
Exploits0References2Affected Software3
Vulnrichment
Vulnrichment
added 2024/05/16 2:8 p.m.16 views

CVE-2024-20326

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.1AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/16 2:8 p.m.22 views

CVE-2024-20326

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.9AI score0.00342EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/15 5:59 p.m.17 views

CVE-2024-20383 Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

4.8CVSS6.3AI score0.00351EPSS
Exploits0References1
Rows per page
Query Builder