Lucene search: Cisco Network Services Orchestrator

11 matches found

CVE | added 2021/12/10 12:0 a.m. | 6769 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

CVSS 10 | AI score 10 | EPSS 0.99999 | In wild

CVE | added 2025/04/16 9:34 p.m. | 730 views

CVE-2025-32433

The CVE-2025-32433 issue affects Erlang/OTP’s SSH server and is caused by a flaw in SSH message handling during authentication, enabling an unauthenticated attacker to execute arbitrary commands with the SSH daemon’s privileges (potentially root). Affected OTP versions include OTP-27.3.2?3, OTP-2...

CVSS 10 | AI score 9.9 | EPSS 0.97673 | In wild

CVE | added 2024/09/11 4:38 p.m. | 127 views

CVE-2024-20381

CVE-2024-20381 involves a JSON-RPC API authorization bypass in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD, used by web interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN routers. The root cause is improper authorization checks on the API, allowing an authenticate...

CVSS 8.8 | AI score 8.6 | EPSS 0.00576

CVE | added 2024/11/18 3:42 p.m. | 106 views

CVE-2021-1132

CVE-2021-1132 affects Cisco Network Services Orchestrator (NSO) API and web-management interface. The issue arises from improper validation of user-supplied input, allowing an unauthenticated, remote attacker to send crafted HTTP requests containing directory traversal sequences to access sensiti...

CVSS 7.5 | AI score 5.3 | EPSS 0.01606

CVE | added 2021/08/04 5:20 p.m. | 74 views

CVE-2021-1572

CVE-2021-1572 is a privilege escalation vulnerability in the Cisco ConfD CLI Secure Shell server, impacting ConfD (and NSO/ConfD options) where the built-in SSH server handles the SFTP service at the privilege level of the running account (often root). An authenticated, local attacker with a valid accoun...

CVSS 7.8 | AI score 7.9 | EPSS 0.00247

CVE | added 2023/01/19 1:37 a.m. | 71 views

CVE-2023-20040

Cisco NSO NETCONF service vulnerability (CVE-2023-20040): authenticated admin-group user can upload crafted packages via NETCONF, triggering input validation failure that may write/delete arbitrary files and cause DoS on root-run NSO. Affected: Cisco Network Services Orchestrator; root access pos...

CVSS 5.5 | AI score 5.8 | EPSS 0.01242

CVE | added 2024/05/15 5:25 p.m. | 68 views

CVE-2024-20366

CVE-2024-20366 involves Cisco Crosswork Network Services Orchestrator (NSO) and its Tail-f HCC function pack. A local, authenticated attacker can elevate privileges to root due to a user-controlled search path used to locate executables, enabling execution of a malicious file with root privileges...

CVSS 7.8 | AI score 7.5 | EPSS 0.00198

CVE | added 2020/06/18 2:17 a.m. | 63 views

CVE-2020-3362

Cisco NSO CVE-2020-3362 is a local information-disclosure vulnerability in the CLI due to a timing issue in command processing. An authenticated, local attacker could exploit a specific CLI sequence to read configuration information normally restricted to administrators. The issue affects Cisco N...

CVSS 4.7 | AI score 4.5 | EPSS 0.00243

CVE | added 2024/05/15 5:23 p.m. | 57 views

CVE-2024-20369

CVE-2024-20369 affects Cisco Crosswork Network Services Orchestrator (NSO) Web UI. The issue is improper input validation of a parameter in an HTTP request, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malicious website. Documented...

CVSS 6.1 | AI score 6.7 | EPSS 0.00312

CVE | added 2018/10/05 2:0 p.m. | 54 views

CVE-2018-0463

CVE-2018-0463 describes a vulnerability in the Cisco Network Plug and Play server component of Cisco NSO. The issue stems from incomplete validation when NSO is configured to use Secure Unique Device Identifier (SUDI) authentication, allowing an unauthenticated, remote attacker to gain unauthoriz...

CVSS 7.5 | AI score 7.8 | EPSS 0.01487

CVE | added 2018/06/07 12:0 p.m. | 46 views

CVE-2018-0274

Cisco NSO contains a CLI parser input-validation vulnerability (CVE-2018-0274) that could allow an authenticated, remote attacker to run arbitrary commands with root privileges. Affected NSO releases include 4.1–4.1.6.0, 4.2–4.2.4.0, 4.3–4.3.3.0, and 4.4–4.4.2.0. The issue stems from insufficient...

CVSS 9 | AI score 8.9 | EPSS 0.03958