| Assigner | cisco |
| Reserved | 2023-11-08 |
| Published | 2024-05-15 |
| Updated | 2024-06-04 |
Description
A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.
| CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Problem types
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
11.0.0-115
11.0.1-161
11.5.1-105
12.0.0-452
12.0.1-011
12.5.0-636
12.5.0-658
12.5.0-678
12.5.0-670
13.0.0-277
13.6.2-078
13.8.1-068
13.8.1-074
13.8.1-108
12.8.1-002
12.8.1-021
14.0.0-404
14.1.0-223
14.1.0-227
14.2.0-212
14.2.0-224
14.2.1-020
14.3.0-120
15.0.0-334
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)
