THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-20383

Reserved:2023-11-08
Published:2024-05-15
Updated:2024-05-15

Description

A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.



MEDIUM: 4.8CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

9.0.0-087
affected

11.0.0-115
affected

11.0.1-161
affected

11.5.1-105
affected

12.0.0-452
affected

12.0.1-011
affected

12.5.0-636
affected

12.5.0-658
affected

12.5.0-678
affected

12.5.0-670
affected

13.0.0-277
affected

13.6.2-078
affected

13.8.1-068
affected

13.8.1-074
affected

13.8.1-108
affected

12.8.1-002
affected

12.8.1-021
affected

14.0.0-404
affected

14.1.0-223
affected

14.1.0-227
affected

14.2.0-212
affected

14.2.0-224
affected

14.2.1-020
affected

14.3.0-120
affected

15.0.0-334
affected

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

cve.org CVE-2024-20383

nvd.nist.gov CVE-2024-20383

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-20383