THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-20366

Assignercisco
Reserved2023-11-08
Published2024-05-15
Updated2024-06-04

Description

A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.



HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

External Control of File Name or Path

Product status

5.4
affected

5.5
affected

5.6
affected

5.7
affected

5.8
affected

5.1.1.1
affected

5.1.1.3
affected

5.1.2
affected

5.2.0.3
affected

5.2.0.4
affected

5.2.1
affected

5.2.1.1
affected

5.2.3.2
affected

5.3.1
affected

5.3.4.3
affected

5.4.0.1
affected

5.4.0.2
affected

5.4.1
affected

5.4.1.1
affected

5.4.2
affected

5.4.3
affected

5.4.3.1
affected

5.4.3.2
affected

5.4.4.1
affected

5.4.4
affected

5.4.4.3
affected

5.4.3.4
affected

5.4.4.2
affected

5.4.3.3
affected

5.4.5.1
affected

5.4.2.1
affected

5.4.5.2
affected

5.4.5
affected

5.4.2.2
affected

5.4.6
affected

5.4.7
affected

5.4.7.1
affected

5.5.1
affected

5.5.2
affected

5.5.2.1
affected

5.5.2.2
affected

5.5.2.5
affected

5.5.2.3
affected

5.5.2.4
affected

5.5.2.9
affected

5.5.2.10
affected

5.5.3
affected

5.5.2.11
affected

5.5.2.6
affected

5.5.2.7
affected

5.5.2.8
affected

5.5.2.12
affected

5.5.4
affected

5.5.4.1
affected

5.5.3.1
affected

5.5.5
affected

5.5.6
affected

5.5.6.1
affected

5.5.7
affected

5.5.8
affected

5.5.10
affected

5.5.9
affected

5.6.1
affected

5.6.3
affected

5.6.3.1
affected

5.6.2
affected

5.6.4
affected

5.6.5
affected

5.6.6
affected

5.6.6.1
affected

5.6.7
affected

5.6.7.1
affected

5.6.7.2
affected

5.6.8
affected

5.6.8.1
affected

5.6.9
affected

5.6.10
affected

5.6.11
affected

5.6.12
affected

5.6.13
affected

5.6.14
affected

5.6.14.1
affected

5.7.1.1
affected

5.7.1
affected

5.7.2
affected

5.7.2.1
affected

5.7.3
affected

5.7.4
affected

5.7.5
affected

5.7.5.1
affected

5.7.6
affected

5.7.6.1
affected

5.7.6.2
affected

5.7.7
affected

5.7.8
affected

5.7.10
affected

5.7.10.1
affected

5.7.10.2
affected

5.7.11
affected

5.7.12
affected

5.7.13
affected

5.7.14
affected

5.7.15.1
affected

5.7.6.3
affected

5.7.8.1
affected

5.7.9
affected

5.7.9.1
affected

5.8.1
affected

5.8.2
affected

5.8.2.1
affected

5.8.3
affected

5.8.4
affected

5.8.5
affected

5.8.10
affected

5.8.11
affected

5.8.12
affected

5.8.6
affected

5.8.7
affected

5.8.8
affected

5.8.9
affected

6.0
affected

6.1
affected

6.2
affected

6.0.1
affected

6.0.1.1
affected

6.0.10
affected

6.0.11
affected

6.0.2
affected

6.0.3
affected

6.0.4
affected

6.0.5
affected

6.0.6
affected

6.0.7
affected

6.0.8
affected

6.0.9
affected

6.1.1
affected

6.1.2
affected

6.1.2.1
affected

6.1.3
affected

6.1.3.1
affected

6.1.3.2
affected

6.1.4
affected

6.1.5
affected

6.1.6
affected

6.1.6.1
affected

6.1.7
affected

6.1.7.1
affected

6.2.2
affected

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D (cisco-sa-nso-hcc-priv-esc-OWBWCs5D)

cve.org CVE-2024-20366

nvd.nist.gov CVE-2024-20366

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-20366
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +