The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator (NSO) and ConfD software, which is used by the web-based management interfaces for Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN, allows a malicious actor to escalate their privileges.

The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator NSO and ConfD software, which is used by the Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN control web interfaces, is related to incorrect authentication checks in the API...

CVE-2024-20381

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

CVE-2024-20381

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

CVE-2024-20381

CVE-2024-20381 involves a JSON-RPC API authorization bypass in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD, used by web interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN routers. The root cause is improper authorization checks on the API, allowing an authenticate...

Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

Cisco多款产品 安全漏洞

The Cisco RV340 and others are products of Cisco, Inc.The Cisco RV340 is a dual WAN Gigabit Vpn router.The Cisco Crosswork Network Services Orchestrator is a network automation and orchestration platform.The Cisco Optical Site Cisco Optical Site Manager is a network management software. A securit...

PT-2024-10394 · Cisco · Cisco Optical Site Manager +3

Name of the Vulnerable Software and Affected Versions: Cisco Crosswork Network Services Orchestrator NSO affected versions not specified Cisco ConfD affected versions not specified Cisco Optical Site Manager affected versions not specified Cisco RV340 Dual WAN Gigabit VPN Routers affected version...