
CVE-2024-20389

CVE-2024-20389 PUBLISHED CVSS 7.8 HIGH

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.

EPSS 0.11% · 28.6th percentile

Risk Scores

CVSS 3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.11% (28.6th percentile)

Affected Products

Vendor | Product | Versions
cisco | confd_basic | 8.0.11, 8.0.11, 8.0.11
Cisco | Cisco ConfD | N/A, N/A
cisco | confd | 8.0.11, 8.0.11
Cisco | Cisco ConfD Basic | 8.0.11, 8.0.11
Cisco | Cisco Network Services Orchestrator | 6.0.11, 6.0.11
cisco | network_services_orchestrator | 6.0.11, 6.2.1, 6.0.11
cisco | crosswork_network_services_orchestrator | 6.2.1, 6.0.11, 6.2.1

Exploit Intelligence

Timeline

  • May 16, 2024 CVE Published
  • May 17, 2024 EPSS Score
  • Jun 11, 2024 EPSS Score
  • Jul 5, 2024 EPSS Score
  • Jul 28, 2024 EPSS Score
  • Aug 21, 2024 EPSS Score
  • Sep 14, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 8, 2024 EPSS Score
  • Nov 1, 2024 EPSS Score
  • Nov 25, 2024 EPSS Score
  • Dec 19, 2024 EPSS Score