CVE-2024-20389

CVSS V2 None CVSS V3 None

Description

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.

Overview

CVE ID
CVE-2024-20389

Assigner
cisco

Vulnerability Status
PUBLISHED

Published Version
2024-05-16T14:08:21.745Z

Last Modified Date
2024-06-04T17:40:25.932Z

Weakness Enumerations

CWE	URL
CWE-266	http://cwe.mitre.org/data/definitions/266.html

References

Reference URL	Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-20389
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20389

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 04:45:22				Added to TrackCVE