11 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2025-32433
The CVE-2025-32433 issue affects Erlang/OTP’s SSH server and is caused by a flaw in SSH message handling during authentication, enabling an unauthenticated attacker to execute arbitrary commands with the SSH daemon’s privileges (potentially root). Affected OTP versions include OTP-27.3.2?3, OTP-2...
CVE-2024-20381
CVE-2024-20381 involves a JSON-RPC API authorization bypass in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD, used by web interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN routers. The root cause is improper authorization checks on the API, allowing an authenticate...
CVE-2021-1132
CVE-2021-1132 affects Cisco Network Services Orchestrator (NSO) API and web-management interface. The issue arises from improper validation of user-supplied input, allowing an unauthenticated, remote attacker to send crafted HTTP requests containing directory traversal sequences to access sensiti...
CVE-2021-1572
CVE-2021-1572 (Cisco ConfD CLI Secure Shell Server Privilege Escalation) affects ConfD (and NSO/ConfD options), where the built-in SSH server handles the SFTP service at the privilege level of the running account (often root). An authenticated, local attacker with a valid accoun...
CVE-2023-20040
Cisco NSO NETCONF service vulnerability (CVE-2023-20040): authenticated admin-group user can upload crafted packages via NETCONF, triggering input validation failure that may write/delete arbitrary files and cause DoS on root-run NSO. Affected: Cisco Network Services Orchestrator; root access pos...
CVE-2024-20366
CVE-2024-20366 involves Cisco Crosswork Network Services Orchestrator (NSO) and its Tail-f HCC function pack. A local, authenticated attacker can elevate privileges to root due to a user-controlled search path used to locate executables, enabling execution of a malicious file with root privileges...
CVE-2020-3362
Cisco NSO CVE-2020-3362 is a local information-disclosure vulnerability in the CLI due to a timing issue in command processing. An authenticated, local attacker could exploit a specific CLI sequence to read configuration information normally restricted to administrators. The issue affects Cisco N...
CVE-2024-20369
CVE-2024-20369 affects Cisco Crosswork Network Services Orchestrator (NSO) Web UI. The issue is improper input validation of a parameter in an HTTP request, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malicious website. Documented...
CVE-2018-0463
CVE-2018-0463 describes a vulnerability in the Cisco Network Plug and Play server component of Cisco NSO. The issue stems from incomplete validation when NSO is configured to use Secure Unique Device Identifier (SUDI) authentication, allowing an unauthenticated, remote attacker to gain unauthoriz...
CVE-2018-0274
Cisco NSO contains a CLI parser input-validation vulnerability (CVE-2018-0274) that could allow an authenticated, remote attacker to run arbitrary commands with root privileges. Affected NSO releases include 4.1–4.1.6.0, 4.2–4.2.4.0, 4.3–4.3.3.0, and 4.4–4.4.2.0. The issue stems from insufficient...