Search criteria
22 vulnerabilities found for network_services_orchestrator by cisco
CVE-2025-32433 (GCVE-0-2025-32433)
Vulnerability from nvd – Published: 2025-04-16 21:34 – Updated: 2025-11-03 19:53
VLAI?
Title
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
Summary
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
Severity ?
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:53:28.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32433",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T03:55:59.410447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-06-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:18.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-09T00:00:00+00:00",
"value": "CVE-2025-32433 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "otp",
"vendor": "erlang",
"versions": [
{
"status": "affected",
"version": "\u003e= OTP-27.0-rc1, \u003c OTP-27.3.3"
},
{
"status": "affected",
"version": "\u003e= OTP-26.0-rc1, \u003c OTP-26.2.5.11"
},
{
"status": "affected",
"version": "\u003c OTP-25.3.2.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T21:34:37.457Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2"
},
{
"name": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
},
{
"name": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
},
{
"name": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
}
],
"source": {
"advisory": "GHSA-37cp-fgq5-7wc2",
"discovery": "UNKNOWN"
},
"title": "Erlang/OTP SSH Vulnerable to Pre-Authentication RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32433",
"datePublished": "2025-04-16T21:34:37.457Z",
"dateReserved": "2025-04-08T10:54:58.368Z",
"dateUpdated": "2025-11-03T19:53:28.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-1132 (GCVE-0-2021-1132)
Vulnerability from nvd – Published: 2024-11-18 15:42 – Updated: 2024-11-18 16:36
VLAI?
Title
Cisco Network Services Orchestrator Path Traversal Vulnerability
Summary
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.
This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
5.3.1
Affected: 5.4.0.1 Affected: 5.4 Affected: 5.4.0.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:network_services_orchestrator:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:network_services_orchestrator:5.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:network_services_orchestrator:5.4.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:network_services_orchestrator:5.4.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "network_services_orchestrator",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "5.4.0.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T16:34:43.577822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:36:46.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.4.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API subsystem and in the web-management interface of Cisco\u0026nbsp;Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.\r\nThis vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:42:08.936Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-path-trvsl-dZRQE8Lc",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-dZRQE8Lc"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8"
}
],
"source": {
"advisory": "cisco-sa-nso-path-trvsl-dZRQE8Lc",
"defects": [
"CSCvv48959"
],
"discovery": "INTERNAL"
},
"title": "Cisco Network Services Orchestrator Path Traversal Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1132",
"datePublished": "2024-11-18T15:42:08.936Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-11-18T16:36:46.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20381 (GCVE-0-2024-20381)
Vulnerability from nvd – Published: 2024-09-11 16:38 – Updated: 2024-09-27 13:58
VLAI?
Title
Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability
Summary
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.
This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system.
Severity ?
8.8 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Affected:
6.5.3
Affected: 6.5.29 Affected: 6.5.1 Affected: 6.6.1 Affected: 6.5.2 Affected: 6.5.92 Affected: 6.5.15 Affected: 6.6.2 Affected: 7.0.1 Affected: 6.6.25 Affected: 6.5.26 Affected: 6.6.11 Affected: 6.5.25 Affected: 6.5.28 Affected: 6.5.93 Affected: 6.6.12 Affected: 6.5.90 Affected: 7.0.0 Affected: 7.1.1 Affected: 7.0.90 Affected: 6.6.3 Affected: 6.7.1 Affected: 7.0.2 Affected: 7.1.15 Affected: 7.2.0 Affected: 7.2.1 Affected: 7.1.2 Affected: 6.7.2 Affected: 7.0.11 Affected: 7.0.12 Affected: 7.0.14 Affected: 7.1.25 Affected: 6.6.4 Affected: 7.2.12 Affected: 7.3.1 Affected: 7.1.3 Affected: 6.7.3 Affected: 7.4.1 Affected: 7.2.2 Affected: 6.7.4 Affected: 6.5.31 Affected: 7.3.15 Affected: 7.3.16 Affected: 6.8.1 Affected: 7.4.15 Affected: 6.5.32 Affected: 7.3.2 Affected: 7.5.1 Affected: 7.4.16 Affected: 7.3.27 Affected: 7.6.1 Affected: 7.5.2 Affected: 7.8.1 Affected: 7.6.15 Affected: 7.5.12 Affected: 7.8.12 Affected: 7.3.3 Affected: 7.7.1 Affected: 6.8.2 Affected: 7.3.4 Affected: 7.4.2 Affected: 6.7.35 Affected: 6.9.1 Affected: 7.6.2 Affected: 7.5.3 Affected: 7.7.2 Affected: 6.9.2 Affected: 7.9.1 Affected: 7.10.1 Affected: 7.8.2 Affected: 7.5.4 Affected: 6.5.33 Affected: 7.8.22 Affected: 7.7.21 Affected: 7.9.2 Affected: 7.3.5 Affected: 7.5.5 Affected: 7.11.1 Affected: 7.9.21 Affected: 7.10.2 Affected: 24.1.1 Affected: 7.6.3 Affected: 7.3.6 Affected: 7.5.52 Affected: 7.11.2 Affected: 24.2.1 Affected: 24.1.2 Affected: 24.2.11 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "network_services_orchestrator",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.3.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_rv_series_router_firmware",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.0.01.17"
},
{
"status": "affected",
"version": "1.0.03.17"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T03:55:16.289362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T13:58:21.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.26"
},
{
"status": "affected",
"version": "6.6.11"
},
{
"status": "affected",
"version": "6.5.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "6.5.31"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "6.5.32"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.8.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "6.5.33"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.5.52"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "5.2.1.1"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "5.2.0.3"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "5.4.0.2"
},
{
"status": "affected",
"version": "4.7.3"
},
{
"status": "affected",
"version": "5.2.0.4"
},
{
"status": "affected",
"version": "5.1.1.1"
},
{
"status": "affected",
"version": "5.1.1.3"
},
{
"status": "affected",
"version": "5.2.3.2"
},
{
"status": "affected",
"version": "5.4.1.1"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.4.2"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"status": "affected",
"version": "5.4.3"
},
{
"status": "affected",
"version": "5.4.3.1"
},
{
"status": "affected",
"version": "5.5.2"
},
{
"status": "affected",
"version": "5.3.4.3"
},
{
"status": "affected",
"version": "5.5.2.1"
},
{
"status": "affected",
"version": "5.5.2.2"
},
{
"status": "affected",
"version": "5.4.3.2"
},
{
"status": "affected",
"version": "5.5.2.3"
},
{
"status": "affected",
"version": "5.4.4"
},
{
"status": "affected",
"version": "5.4.4.1"
},
{
"status": "affected",
"version": "5.5.2.4"
},
{
"status": "affected",
"version": "5.5.2.5"
},
{
"status": "affected",
"version": "5.5.2.6"
},
{
"status": "affected",
"version": "5.4.4.2"
},
{
"status": "affected",
"version": "5.4.3.3"
},
{
"status": "affected",
"version": "5.5.2.7"
},
{
"status": "affected",
"version": "5.5.2.8"
},
{
"status": "affected",
"version": "5.4.3.4"
},
{
"status": "affected",
"version": "5.4.4.3"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.5.2.9"
},
{
"status": "affected",
"version": "5.5.3"
},
{
"status": "affected",
"version": "5.5.2.10"
},
{
"status": "affected",
"version": "5.6.1"
},
{
"status": "affected",
"version": "5.5.2.11"
},
{
"status": "affected",
"version": "5.6.2"
},
{
"status": "affected",
"version": "5.5.3.1"
},
{
"status": "affected",
"version": "5.4.5"
},
{
"status": "affected",
"version": "5.4.5.1"
},
{
"status": "affected",
"version": "5.5.4"
},
{
"status": "affected",
"version": "5.6.3"
},
{
"status": "affected",
"version": "5.5.4.1"
},
{
"status": "affected",
"version": "5.7"
},
{
"status": "affected",
"version": "5.5.2.12"
},
{
"status": "affected",
"version": "5.4.2.1"
},
{
"status": "affected",
"version": "5.6.3.1"
},
{
"status": "affected",
"version": "5.4.5.2"
},
{
"status": "affected",
"version": "5.7.1"
},
{
"status": "affected",
"version": "5.7.1.1"
},
{
"status": "affected",
"version": "5.6.4"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.4.6"
},
{
"status": "affected",
"version": "5.7.2"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.6.5"
},
{
"status": "affected",
"version": "5.5.5"
},
{
"status": "affected",
"version": "5.7.3"
},
{
"status": "affected",
"version": "5.8"
},
{
"status": "affected",
"version": "5.6.6.1"
},
{
"status": "affected",
"version": "5.7.5.1"
},
{
"status": "affected",
"version": "5.6.7.1"
},
{
"status": "affected",
"version": "5.6.7"
},
{
"status": "affected",
"version": "5.5.6.1"
},
{
"status": "affected",
"version": "5.8.1"
},
{
"status": "affected",
"version": "5.6.6"
},
{
"status": "affected",
"version": "5.4.7"
},
{
"status": "affected",
"version": "5.8.2.1"
},
{
"status": "affected",
"version": "5.7.5"
},
{
"status": "affected",
"version": "5.7.4"
},
{
"status": "affected",
"version": "5.8.2"
},
{
"status": "affected",
"version": "5.5.6"
},
{
"status": "affected",
"version": "5.6.7.2"
},
{
"status": "affected",
"version": "5.7.6"
},
{
"status": "affected",
"version": "5.7.6.1"
},
{
"status": "affected",
"version": "5.8.3"
},
{
"status": "affected",
"version": "5.6.8"
},
{
"status": "affected",
"version": "5.7.6.2"
},
{
"status": "affected",
"version": "5.8.4"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.7.7"
},
{
"status": "affected",
"version": "5.6.9"
},
{
"status": "affected",
"version": "5.6.8.1"
},
{
"status": "affected",
"version": "5.8.5"
},
{
"status": "affected",
"version": "5.5.8"
},
{
"status": "affected",
"version": "5.7.8"
},
{
"status": "affected",
"version": "5.4.7.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.7.8.1"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "5.6.10"
},
{
"status": "affected",
"version": "5.8.6"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "5.7.9"
},
{
"status": "affected",
"version": "5.5.9"
},
{
"status": "affected",
"version": "5.6.11"
},
{
"status": "affected",
"version": "5.8.7"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "5.7.10"
},
{
"status": "affected",
"version": "5.6.12"
},
{
"status": "affected",
"version": "5.8.8"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "5.5.10"
},
{
"status": "affected",
"version": "5.7.10.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "5.7.6.3"
},
{
"status": "affected",
"version": "5.7.11"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "5.6.13"
},
{
"status": "affected",
"version": "5.8.9"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "5.7.10.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "5.7.12"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "5.6.14"
},
{
"status": "affected",
"version": "6.1.2.1"
},
{
"status": "affected",
"version": "5.8.10"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "5.7.13"
},
{
"status": "affected",
"version": "5.8.11"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.0.8"
},
{
"status": "affected",
"version": "6.1.4"
},
{
"status": "affected",
"version": "5.6.14.1"
},
{
"status": "affected",
"version": "5.8.12"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "5.8.13"
},
{
"status": "affected",
"version": "5.7.14"
},
{
"status": "affected",
"version": "6.0.10"
},
{
"status": "affected",
"version": "6.1.6"
},
{
"status": "affected",
"version": "6.1.6.1"
},
{
"status": "affected",
"version": "6.0.11"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "5.7.15"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.1.7.1"
},
{
"status": "affected",
"version": "6.0.12"
},
{
"status": "affected",
"version": "6.1.8"
},
{
"status": "affected",
"version": "5.7.9.1"
},
{
"status": "affected",
"version": "5.7.15.1"
},
{
"status": "affected",
"version": "6.1.10"
},
{
"status": "affected",
"version": "6.1.11"
},
{
"status": "affected",
"version": "5.1.4.3"
},
{
"status": "affected",
"version": "6.1.11.1"
},
{
"status": "affected",
"version": "6.1.11.2"
},
{
"status": "affected",
"version": "5.7.17"
},
{
"status": "affected",
"version": "6.1.12"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Small Business RV Series Router Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.01.17"
},
{
"status": "affected",
"version": "1.0.03.17"
},
{
"status": "affected",
"version": "1.0.01.16"
},
{
"status": "affected",
"version": "1.0.01.18"
},
{
"status": "affected",
"version": "1.0.00.29"
},
{
"status": "affected",
"version": "1.0.03.16"
},
{
"status": "affected",
"version": "1.0.03.15"
},
{
"status": "affected",
"version": "1.0.02.16"
},
{
"status": "affected",
"version": "1.0.01.20"
},
{
"status": "affected",
"version": "1.0.00.33"
},
{
"status": "affected",
"version": "1.0.03.18"
},
{
"status": "affected",
"version": "1.0.03.19"
},
{
"status": "affected",
"version": "1.0.03.20"
},
{
"status": "affected",
"version": "1.0.03.21"
},
{
"status": "affected",
"version": "1.0.03.22"
},
{
"status": "affected",
"version": "1.0.03.24"
},
{
"status": "affected",
"version": "1.0.03.26"
},
{
"status": "affected",
"version": "1.0.03.27"
},
{
"status": "affected",
"version": "1.0.03.28"
},
{
"status": "affected",
"version": "1.0.03.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:24:52.271Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-auth-bypass-QnTEesp",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp"
}
],
"source": {
"advisory": "cisco-sa-nso-auth-bypass-QnTEesp",
"defects": [
"CSCwj26769"
],
"discovery": "INTERNAL"
},
"title": "Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20381",
"datePublished": "2024-09-11T16:38:42.096Z",
"dateReserved": "2023-11-08T15:08:07.656Z",
"dateUpdated": "2024-09-27T13:58:21.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20369 (GCVE-0-2024-20369)
Vulnerability from nvd – Published: 2024-05-15 17:23 – Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
Severity ?
4.7 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
5.4
Affected: 5.5 Affected: 5.6 Affected: 5.7 Affected: 5.8 Affected: 5.1.1.1 Affected: 5.1.1.3 Affected: 5.1.2 Affected: 5.2.0.4 Affected: 5.2.1 Affected: 5.2.1.1 Affected: 5.2.3.2 Affected: 5.3.1 Affected: 5.3.4.3 Affected: 5.4.0.1 Affected: 5.4.1 Affected: 5.4.1.1 Affected: 5.4.2 Affected: 5.4.3.1 Affected: 5.4.4.1 Affected: 5.4.4 Affected: 5.4.4.3 Affected: 5.4.3.3 Affected: 5.4.5.1 Affected: 5.4.5.2 Affected: 5.4.5 Affected: 5.4.6 Affected: 5.4.7 Affected: 5.4.7.1 Affected: 5.5.1 Affected: 5.5.2 Affected: 5.5.2.1 Affected: 5.5.2.3 Affected: 5.5.2.4 Affected: 5.5.2.9 Affected: 5.5.2.10 Affected: 5.5.3 Affected: 5.5.2.7 Affected: 5.5.2.12 Affected: 5.5.4.1 Affected: 5.5.3.1 Affected: 5.5.5 Affected: 5.5.6 Affected: 5.5.7 Affected: 5.5.8 Affected: 5.6.1 Affected: 5.6.3 Affected: 5.6.2 Affected: 5.6.5 Affected: 5.6.6 Affected: 5.6.6.1 Affected: 5.6.7 Affected: 5.6.7.1 Affected: 5.6.8 Affected: 5.6.8.1 Affected: 5.6.11 Affected: 5.6.13 Affected: 5.6.14 Affected: 5.6.14.1 Affected: 5.7.1.1 Affected: 5.7.1 Affected: 5.7.2 Affected: 5.7.2.1 Affected: 5.7.3 Affected: 5.7.4 Affected: 5.7.5 Affected: 5.7.5.1 Affected: 5.7.6 Affected: 5.7.6.2 Affected: 5.7.8 Affected: 5.7.10 Affected: 5.7.10.2 Affected: 5.7.11 Affected: 5.7.13 Affected: 5.7.14 Affected: 5.7.9 Affected: 5.7.9.1 Affected: 5.8.1 Affected: 5.8.2 Affected: 5.8.2.1 Affected: 5.8.5 Affected: 5.8.10 Affected: 5.8.11 Affected: 5.8.9 Affected: 6.1 Affected: 6.2 Affected: 6.0.1.1 Affected: 6.0.10 Affected: 6.0.5 Affected: 6.0.8 Affected: 6.1.2.1 Affected: 6.1.5 Affected: 6.1.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:29:07.120761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:17.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-nso-ordir-MNM8YqzO",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.7"
},
{
"status": "affected",
"version": "5.8"
},
{
"status": "affected",
"version": "5.1.1.1"
},
{
"status": "affected",
"version": "5.1.1.3"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.2.0.4"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.1.1"
},
{
"status": "affected",
"version": "5.2.3.2"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.4.3"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.4.1.1"
},
{
"status": "affected",
"version": "5.4.2"
},
{
"status": "affected",
"version": "5.4.3.1"
},
{
"status": "affected",
"version": "5.4.4.1"
},
{
"status": "affected",
"version": "5.4.4"
},
{
"status": "affected",
"version": "5.4.4.3"
},
{
"status": "affected",
"version": "5.4.3.3"
},
{
"status": "affected",
"version": "5.4.5.1"
},
{
"status": "affected",
"version": "5.4.5.2"
},
{
"status": "affected",
"version": "5.4.5"
},
{
"status": "affected",
"version": "5.4.6"
},
{
"status": "affected",
"version": "5.4.7"
},
{
"status": "affected",
"version": "5.4.7.1"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"status": "affected",
"version": "5.5.2"
},
{
"status": "affected",
"version": "5.5.2.1"
},
{
"status": "affected",
"version": "5.5.2.3"
},
{
"status": "affected",
"version": "5.5.2.4"
},
{
"status": "affected",
"version": "5.5.2.9"
},
{
"status": "affected",
"version": "5.5.2.10"
},
{
"status": "affected",
"version": "5.5.3"
},
{
"status": "affected",
"version": "5.5.2.7"
},
{
"status": "affected",
"version": "5.5.2.12"
},
{
"status": "affected",
"version": "5.5.4.1"
},
{
"status": "affected",
"version": "5.5.3.1"
},
{
"status": "affected",
"version": "5.5.5"
},
{
"status": "affected",
"version": "5.5.6"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.5.8"
},
{
"status": "affected",
"version": "5.6.1"
},
{
"status": "affected",
"version": "5.6.3"
},
{
"status": "affected",
"version": "5.6.2"
},
{
"status": "affected",
"version": "5.6.5"
},
{
"status": "affected",
"version": "5.6.6"
},
{
"status": "affected",
"version": "5.6.6.1"
},
{
"status": "affected",
"version": "5.6.7"
},
{
"status": "affected",
"version": "5.6.7.1"
},
{
"status": "affected",
"version": "5.6.8"
},
{
"status": "affected",
"version": "5.6.8.1"
},
{
"status": "affected",
"version": "5.6.11"
},
{
"status": "affected",
"version": "5.6.13"
},
{
"status": "affected",
"version": "5.6.14"
},
{
"status": "affected",
"version": "5.6.14.1"
},
{
"status": "affected",
"version": "5.7.1.1"
},
{
"status": "affected",
"version": "5.7.1"
},
{
"status": "affected",
"version": "5.7.2"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.3"
},
{
"status": "affected",
"version": "5.7.4"
},
{
"status": "affected",
"version": "5.7.5"
},
{
"status": "affected",
"version": "5.7.5.1"
},
{
"status": "affected",
"version": "5.7.6"
},
{
"status": "affected",
"version": "5.7.6.2"
},
{
"status": "affected",
"version": "5.7.8"
},
{
"status": "affected",
"version": "5.7.10"
},
{
"status": "affected",
"version": "5.7.10.2"
},
{
"status": "affected",
"version": "5.7.11"
},
{
"status": "affected",
"version": "5.7.13"
},
{
"status": "affected",
"version": "5.7.14"
},
{
"status": "affected",
"version": "5.7.9"
},
{
"status": "affected",
"version": "5.7.9.1"
},
{
"status": "affected",
"version": "5.8.1"
},
{
"status": "affected",
"version": "5.8.2"
},
{
"status": "affected",
"version": "5.8.2.1"
},
{
"status": "affected",
"version": "5.8.5"
},
{
"status": "affected",
"version": "5.8.10"
},
{
"status": "affected",
"version": "5.8.11"
},
{
"status": "affected",
"version": "5.8.9"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.10"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.8"
},
{
"status": "affected",
"version": "6.1.2.1"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\n\r This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T17:23:34.938Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-ordir-MNM8YqzO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO"
}
],
"source": {
"advisory": "cisco-sa-nso-ordir-MNM8YqzO",
"defects": [
"CSCwi31723"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20369",
"datePublished": "2024-05-15T17:23:34.938Z",
"dateReserved": "2023-11-08T15:08:07.653Z",
"dateUpdated": "2024-08-01T21:59:42.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20366 (GCVE-0-2024-20366)
Vulnerability from nvd – Published: 2024-05-15 17:25 – Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.
Severity ?
7.8 (High)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
5.4
Affected: 5.5 Affected: 5.6 Affected: 5.7 Affected: 5.8 Affected: 5.1.1.1 Affected: 5.1.1.3 Affected: 5.1.2 Affected: 5.2.0.3 Affected: 5.2.0.4 Affected: 5.2.1 Affected: 5.2.1.1 Affected: 5.2.3.2 Affected: 5.3.1 Affected: 5.3.4.3 Affected: 5.4.0.1 Affected: 5.4.0.2 Affected: 5.4.1 Affected: 5.4.1.1 Affected: 5.4.2 Affected: 5.4.3 Affected: 5.4.3.1 Affected: 5.4.3.2 Affected: 5.4.4.1 Affected: 5.4.4 Affected: 5.4.4.3 Affected: 5.4.3.4 Affected: 5.4.4.2 Affected: 5.4.3.3 Affected: 5.4.5.1 Affected: 5.4.2.1 Affected: 5.4.5.2 Affected: 5.4.5 Affected: 5.4.2.2 Affected: 5.4.6 Affected: 5.4.7 Affected: 5.4.7.1 Affected: 5.5.1 Affected: 5.5.2 Affected: 5.5.2.1 Affected: 5.5.2.2 Affected: 5.5.2.5 Affected: 5.5.2.3 Affected: 5.5.2.4 Affected: 5.5.2.9 Affected: 5.5.2.10 Affected: 5.5.3 Affected: 5.5.2.11 Affected: 5.5.2.6 Affected: 5.5.2.7 Affected: 5.5.2.8 Affected: 5.5.2.12 Affected: 5.5.4 Affected: 5.5.4.1 Affected: 5.5.3.1 Affected: 5.5.5 Affected: 5.5.6 Affected: 5.5.6.1 Affected: 5.5.7 Affected: 5.5.8 Affected: 5.5.10 Affected: 5.5.9 Affected: 5.6.1 Affected: 5.6.3 Affected: 5.6.3.1 Affected: 5.6.2 Affected: 5.6.4 Affected: 5.6.5 Affected: 5.6.6 Affected: 5.6.6.1 Affected: 5.6.7 Affected: 5.6.7.1 Affected: 5.6.7.2 Affected: 5.6.8 Affected: 5.6.8.1 Affected: 5.6.9 Affected: 5.6.10 Affected: 5.6.11 Affected: 5.6.12 Affected: 5.6.13 Affected: 5.6.14 Affected: 5.6.14.1 Affected: 5.7.1.1 Affected: 5.7.1 Affected: 5.7.2 Affected: 5.7.2.1 Affected: 5.7.3 Affected: 5.7.4 Affected: 5.7.5 Affected: 5.7.5.1 Affected: 5.7.6 Affected: 5.7.6.1 Affected: 5.7.6.2 Affected: 5.7.7 Affected: 5.7.8 Affected: 5.7.10 Affected: 5.7.10.1 Affected: 5.7.10.2 Affected: 5.7.11 Affected: 5.7.12 Affected: 5.7.13 Affected: 5.7.14 Affected: 5.7.15.1 Affected: 5.7.6.3 Affected: 5.7.8.1 Affected: 5.7.9 Affected: 5.7.9.1 Affected: 5.8.1 Affected: 5.8.2 Affected: 5.8.2.1 Affected: 5.8.3 Affected: 5.8.4 Affected: 5.8.5 Affected: 5.8.10 Affected: 5.8.11 Affected: 5.8.12 Affected: 5.8.6 Affected: 5.8.7 Affected: 5.8.8 Affected: 5.8.9 Affected: 6.0 Affected: 6.1 Affected: 6.2 Affected: 6.0.1 Affected: 6.0.1.1 Affected: 6.0.10 Affected: 6.0.11 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.7 Affected: 6.0.8 Affected: 6.0.9 Affected: 6.1.1 Affected: 6.1.2 Affected: 6.1.2.1 Affected: 6.1.3 Affected: 6.1.3.1 Affected: 6.1.3.2 Affected: 6.1.4 Affected: 6.1.5 Affected: 6.1.6 Affected: 6.1.6.1 Affected: 6.1.7 Affected: 6.1.7.1 Affected: 6.2.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:network_services_orchestrator:5.1.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "network_services_orchestrator",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "5.1.1.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T18:43:57.383617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:26.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.7"
},
{
"status": "affected",
"version": "5.8"
},
{
"status": "affected",
"version": "5.1.1.1"
},
{
"status": "affected",
"version": "5.1.1.3"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.2.0.3"
},
{
"status": "affected",
"version": "5.2.0.4"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.1.1"
},
{
"status": "affected",
"version": "5.2.3.2"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.4.3"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "5.4.0.2"
},
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.4.1.1"
},
{
"status": "affected",
"version": "5.4.2"
},
{
"status": "affected",
"version": "5.4.3"
},
{
"status": "affected",
"version": "5.4.3.1"
},
{
"status": "affected",
"version": "5.4.3.2"
},
{
"status": "affected",
"version": "5.4.4.1"
},
{
"status": "affected",
"version": "5.4.4"
},
{
"status": "affected",
"version": "5.4.4.3"
},
{
"status": "affected",
"version": "5.4.3.4"
},
{
"status": "affected",
"version": "5.4.4.2"
},
{
"status": "affected",
"version": "5.4.3.3"
},
{
"status": "affected",
"version": "5.4.5.1"
},
{
"status": "affected",
"version": "5.4.2.1"
},
{
"status": "affected",
"version": "5.4.5.2"
},
{
"status": "affected",
"version": "5.4.5"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.4.6"
},
{
"status": "affected",
"version": "5.4.7"
},
{
"status": "affected",
"version": "5.4.7.1"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"status": "affected",
"version": "5.5.2"
},
{
"status": "affected",
"version": "5.5.2.1"
},
{
"status": "affected",
"version": "5.5.2.2"
},
{
"status": "affected",
"version": "5.5.2.5"
},
{
"status": "affected",
"version": "5.5.2.3"
},
{
"status": "affected",
"version": "5.5.2.4"
},
{
"status": "affected",
"version": "5.5.2.9"
},
{
"status": "affected",
"version": "5.5.2.10"
},
{
"status": "affected",
"version": "5.5.3"
},
{
"status": "affected",
"version": "5.5.2.11"
},
{
"status": "affected",
"version": "5.5.2.6"
},
{
"status": "affected",
"version": "5.5.2.7"
},
{
"status": "affected",
"version": "5.5.2.8"
},
{
"status": "affected",
"version": "5.5.2.12"
},
{
"status": "affected",
"version": "5.5.4"
},
{
"status": "affected",
"version": "5.5.4.1"
},
{
"status": "affected",
"version": "5.5.3.1"
},
{
"status": "affected",
"version": "5.5.5"
},
{
"status": "affected",
"version": "5.5.6"
},
{
"status": "affected",
"version": "5.5.6.1"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.5.8"
},
{
"status": "affected",
"version": "5.5.10"
},
{
"status": "affected",
"version": "5.5.9"
},
{
"status": "affected",
"version": "5.6.1"
},
{
"status": "affected",
"version": "5.6.3"
},
{
"status": "affected",
"version": "5.6.3.1"
},
{
"status": "affected",
"version": "5.6.2"
},
{
"status": "affected",
"version": "5.6.4"
},
{
"status": "affected",
"version": "5.6.5"
},
{
"status": "affected",
"version": "5.6.6"
},
{
"status": "affected",
"version": "5.6.6.1"
},
{
"status": "affected",
"version": "5.6.7"
},
{
"status": "affected",
"version": "5.6.7.1"
},
{
"status": "affected",
"version": "5.6.7.2"
},
{
"status": "affected",
"version": "5.6.8"
},
{
"status": "affected",
"version": "5.6.8.1"
},
{
"status": "affected",
"version": "5.6.9"
},
{
"status": "affected",
"version": "5.6.10"
},
{
"status": "affected",
"version": "5.6.11"
},
{
"status": "affected",
"version": "5.6.12"
},
{
"status": "affected",
"version": "5.6.13"
},
{
"status": "affected",
"version": "5.6.14"
},
{
"status": "affected",
"version": "5.6.14.1"
},
{
"status": "affected",
"version": "5.7.1.1"
},
{
"status": "affected",
"version": "5.7.1"
},
{
"status": "affected",
"version": "5.7.2"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.3"
},
{
"status": "affected",
"version": "5.7.4"
},
{
"status": "affected",
"version": "5.7.5"
},
{
"status": "affected",
"version": "5.7.5.1"
},
{
"status": "affected",
"version": "5.7.6"
},
{
"status": "affected",
"version": "5.7.6.1"
},
{
"status": "affected",
"version": "5.7.6.2"
},
{
"status": "affected",
"version": "5.7.7"
},
{
"status": "affected",
"version": "5.7.8"
},
{
"status": "affected",
"version": "5.7.10"
},
{
"status": "affected",
"version": "5.7.10.1"
},
{
"status": "affected",
"version": "5.7.10.2"
},
{
"status": "affected",
"version": "5.7.11"
},
{
"status": "affected",
"version": "5.7.12"
},
{
"status": "affected",
"version": "5.7.13"
},
{
"status": "affected",
"version": "5.7.14"
},
{
"status": "affected",
"version": "5.7.15.1"
},
{
"status": "affected",
"version": "5.7.6.3"
},
{
"status": "affected",
"version": "5.7.8.1"
},
{
"status": "affected",
"version": "5.7.9"
},
{
"status": "affected",
"version": "5.7.9.1"
},
{
"status": "affected",
"version": "5.8.1"
},
{
"status": "affected",
"version": "5.8.2"
},
{
"status": "affected",
"version": "5.8.2.1"
},
{
"status": "affected",
"version": "5.8.3"
},
{
"status": "affected",
"version": "5.8.4"
},
{
"status": "affected",
"version": "5.8.5"
},
{
"status": "affected",
"version": "5.8.10"
},
{
"status": "affected",
"version": "5.8.11"
},
{
"status": "affected",
"version": "5.8.12"
},
{
"status": "affected",
"version": "5.8.6"
},
{
"status": "affected",
"version": "5.8.7"
},
{
"status": "affected",
"version": "5.8.8"
},
{
"status": "affected",
"version": "5.8.9"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.10"
},
{
"status": "affected",
"version": "6.0.11"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.0.8"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.2.1"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.1.4"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.6"
},
{
"status": "affected",
"version": "6.1.6.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.1.7.1"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "External Control of File Name or Path",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T17:25:09.258Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D"
}
],
"source": {
"advisory": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D",
"defects": [
"CSCwi92920"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20366",
"datePublished": "2024-05-15T17:25:09.258Z",
"dateReserved": "2023-11-08T15:08:07.652Z",
"dateUpdated": "2024-08-01T21:59:42.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20040 (GCVE-0-2023-20040)
Vulnerability from nvd – Published: 2023-01-19 01:37 – Updated: 2024-08-02 08:57
VLAI?
Summary
A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.
This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition.
Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.
Severity ?
5.5 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
4.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.\r\n\r This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. \r\n\r Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:36.087Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
}
],
"source": {
"advisory": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"defects": [
"CSCwb11065"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20040",
"datePublished": "2023-01-19T01:37:34.592Z",
"dateReserved": "2022-10-27T18:47:50.316Z",
"dateUpdated": "2024-08-02T08:57:35.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44228 (GCVE-0-2021-44228)
Vulnerability from nvd – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
VLAI?
Title
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Affected:
2.0-beta9 , < log4j-core*
(custom)
|
Credits
This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213189"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-44228",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:25:34.416117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:23.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-12-10T00:00:00+00:00",
"value": "CVE-2021-44228 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.12.2",
"status": "unaffected"
},
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.15.0",
"status": "unaffected"
}
],
"lessThan": "log4j-core*",
"status": "affected",
"version": "2.0-beta9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
}
],
"metrics": [
{
"other": {
"content": {
"other": "critical"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"url": "https://support.apple.com/kb/HT213189"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44228",
"datePublished": "2021-12-10T00:00:00.000Z",
"dateReserved": "2021-11-26T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:23.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1572 (GCVE-0-2021-1572)
Vulnerability from nvd – Published: 2021-08-04 17:20 – Updated: 2024-11-07 22:05
VLAI?
Title
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
Summary
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco ConfD |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:30.758700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:05:00.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ConfD",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T18:18:19",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
],
"source": {
"advisory": "cisco-sa-confd-priv-esc-LsGtCRx4",
"defect": [
[
"CSCvy43896"
]
],
"discovery": "INTERNAL"
},
"title": "ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-08-04T16:00:00",
"ID": "CVE-2021-1572",
"STATE": "PUBLIC",
"TITLE": "ConfD CLI Secure Shell Server Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ConfD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
]
},
"source": {
"advisory": "cisco-sa-confd-priv-esc-LsGtCRx4",
"defect": [
[
"CSCvy43896"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1572",
"datePublished": "2021-08-04T17:20:09.937016Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-07T22:05:00.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3362 (GCVE-0-2020-3362)
Vulnerability from nvd – Published: 2020-06-18 02:17 – Updated: 2024-11-15 17:00
VLAI?
Title
Cisco Network Services Orchestrator Information Disclosure Vulnerability
Summary
A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:27:34.268033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:00:53.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-18T02:17:13",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
],
"source": {
"advisory": "cisco-sa-nso-info-disclosure-WdNvBTNq",
"defect": [
[
"CSCvu17597"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-06-17T16:00:00",
"ID": "CVE-2020-3362",
"STATE": "PUBLIC",
"TITLE": "Cisco Network Services Orchestrator Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
]
},
"source": {
"advisory": "cisco-sa-nso-info-disclosure-WdNvBTNq",
"defect": [
[
"CSCvu17597"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3362",
"datePublished": "2020-06-18T02:17:13.303988Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:00:53.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0463 (GCVE-0-2018-0463)
Vulnerability from nvd – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:39
VLAI?
Title
Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability
Summary
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:53:26.786615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:39:29.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
],
"source": {
"advisory": "cisco-sa-20180905-nso-infodis",
"defect": [
[
"CSCvj50567",
"CSCvk74975"
]
],
"discovery": "UNKNOWN"
},
"title": "Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-05T16:00:00-0500",
"ID": "CVE-2018-0463",
"STATE": "PUBLIC",
"TITLE": "Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
]
},
"source": {
"advisory": "cisco-sa-20180905-nso-infodis",
"defect": [
[
"CSCvj50567",
"CSCvk74975"
]
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0463",
"datePublished": "2018-10-05T14:00:00Z",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-26T14:39:29.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0274 (GCVE-0-2018-0274)
Vulnerability from nvd – Published: 2018-06-07 12:00 – Updated: 2024-11-29 15:06
VLAI?
Summary
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Network Services Orchestrator unknown |
Affected:
Cisco Network Services Orchestrator unknown
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:21:15.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T14:42:37.539097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T15:06:59.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator unknown",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Network Services Orchestrator unknown"
}
]
}
],
"datePublic": "2018-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "104449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator unknown",
"version": {
"version_data": [
{
"version_value": "Cisco Network Services Orchestrator unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104449"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0274",
"datePublished": "2018-06-07T12:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-29T15:06:59.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32433 (GCVE-0-2025-32433)
Vulnerability from cvelistv5 – Published: 2025-04-16 21:34 – Updated: 2025-11-03 19:53
VLAI?
Title
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
Summary
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
Severity ?
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:53:28.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32433",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T03:55:59.410447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-06-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:18.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-09T00:00:00+00:00",
"value": "CVE-2025-32433 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "otp",
"vendor": "erlang",
"versions": [
{
"status": "affected",
"version": "\u003e= OTP-27.0-rc1, \u003c OTP-27.3.3"
},
{
"status": "affected",
"version": "\u003e= OTP-26.0-rc1, \u003c OTP-26.2.5.11"
},
{
"status": "affected",
"version": "\u003c OTP-25.3.2.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T21:34:37.457Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2"
},
{
"name": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
},
{
"name": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
},
{
"name": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
}
],
"source": {
"advisory": "GHSA-37cp-fgq5-7wc2",
"discovery": "UNKNOWN"
},
"title": "Erlang/OTP SSH Vulnerable to Pre-Authentication RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32433",
"datePublished": "2025-04-16T21:34:37.457Z",
"dateReserved": "2025-04-08T10:54:58.368Z",
"dateUpdated": "2025-11-03T19:53:28.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-1132 (GCVE-0-2021-1132)
Vulnerability from cvelistv5 – Published: 2024-11-18 15:42 – Updated: 2024-11-18 16:36
VLAI?
Title
Cisco Network Services Orchestrator Path Traversal Vulnerability
Summary
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.
This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
5.3.1
Affected: 5.4.0.1 Affected: 5.4 Affected: 5.4.0.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:network_services_orchestrator:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:network_services_orchestrator:5.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:network_services_orchestrator:5.4.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:network_services_orchestrator:5.4.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "network_services_orchestrator",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "5.4.0.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T16:34:43.577822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:36:46.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.4.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API subsystem and in the web-management interface of Cisco\u0026nbsp;Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.\r\nThis vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:42:08.936Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-path-trvsl-dZRQE8Lc",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-dZRQE8Lc"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8"
}
],
"source": {
"advisory": "cisco-sa-nso-path-trvsl-dZRQE8Lc",
"defects": [
"CSCvv48959"
],
"discovery": "INTERNAL"
},
"title": "Cisco Network Services Orchestrator Path Traversal Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1132",
"datePublished": "2024-11-18T15:42:08.936Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-11-18T16:36:46.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20381 (GCVE-0-2024-20381)
Vulnerability from cvelistv5 – Published: 2024-09-11 16:38 – Updated: 2024-09-27 13:58
VLAI?
Title
Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability
Summary
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.
This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system.
Severity ?
8.8 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Affected:
6.5.3
Affected: 6.5.29 Affected: 6.5.1 Affected: 6.6.1 Affected: 6.5.2 Affected: 6.5.92 Affected: 6.5.15 Affected: 6.6.2 Affected: 7.0.1 Affected: 6.6.25 Affected: 6.5.26 Affected: 6.6.11 Affected: 6.5.25 Affected: 6.5.28 Affected: 6.5.93 Affected: 6.6.12 Affected: 6.5.90 Affected: 7.0.0 Affected: 7.1.1 Affected: 7.0.90 Affected: 6.6.3 Affected: 6.7.1 Affected: 7.0.2 Affected: 7.1.15 Affected: 7.2.0 Affected: 7.2.1 Affected: 7.1.2 Affected: 6.7.2 Affected: 7.0.11 Affected: 7.0.12 Affected: 7.0.14 Affected: 7.1.25 Affected: 6.6.4 Affected: 7.2.12 Affected: 7.3.1 Affected: 7.1.3 Affected: 6.7.3 Affected: 7.4.1 Affected: 7.2.2 Affected: 6.7.4 Affected: 6.5.31 Affected: 7.3.15 Affected: 7.3.16 Affected: 6.8.1 Affected: 7.4.15 Affected: 6.5.32 Affected: 7.3.2 Affected: 7.5.1 Affected: 7.4.16 Affected: 7.3.27 Affected: 7.6.1 Affected: 7.5.2 Affected: 7.8.1 Affected: 7.6.15 Affected: 7.5.12 Affected: 7.8.12 Affected: 7.3.3 Affected: 7.7.1 Affected: 6.8.2 Affected: 7.3.4 Affected: 7.4.2 Affected: 6.7.35 Affected: 6.9.1 Affected: 7.6.2 Affected: 7.5.3 Affected: 7.7.2 Affected: 6.9.2 Affected: 7.9.1 Affected: 7.10.1 Affected: 7.8.2 Affected: 7.5.4 Affected: 6.5.33 Affected: 7.8.22 Affected: 7.7.21 Affected: 7.9.2 Affected: 7.3.5 Affected: 7.5.5 Affected: 7.11.1 Affected: 7.9.21 Affected: 7.10.2 Affected: 24.1.1 Affected: 7.6.3 Affected: 7.3.6 Affected: 7.5.52 Affected: 7.11.2 Affected: 24.2.1 Affected: 24.1.2 Affected: 24.2.11 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "network_services_orchestrator",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.3.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_rv_series_router_firmware",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.0.01.17"
},
{
"status": "affected",
"version": "1.0.03.17"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T03:55:16.289362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T13:58:21.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.26"
},
{
"status": "affected",
"version": "6.6.11"
},
{
"status": "affected",
"version": "6.5.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "6.5.31"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "6.5.32"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.8.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "6.5.33"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.5.52"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "5.2.1.1"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "5.2.0.3"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "5.4.0.2"
},
{
"status": "affected",
"version": "4.7.3"
},
{
"status": "affected",
"version": "5.2.0.4"
},
{
"status": "affected",
"version": "5.1.1.1"
},
{
"status": "affected",
"version": "5.1.1.3"
},
{
"status": "affected",
"version": "5.2.3.2"
},
{
"status": "affected",
"version": "5.4.1.1"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.4.2"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"status": "affected",
"version": "5.4.3"
},
{
"status": "affected",
"version": "5.4.3.1"
},
{
"status": "affected",
"version": "5.5.2"
},
{
"status": "affected",
"version": "5.3.4.3"
},
{
"status": "affected",
"version": "5.5.2.1"
},
{
"status": "affected",
"version": "5.5.2.2"
},
{
"status": "affected",
"version": "5.4.3.2"
},
{
"status": "affected",
"version": "5.5.2.3"
},
{
"status": "affected",
"version": "5.4.4"
},
{
"status": "affected",
"version": "5.4.4.1"
},
{
"status": "affected",
"version": "5.5.2.4"
},
{
"status": "affected",
"version": "5.5.2.5"
},
{
"status": "affected",
"version": "5.5.2.6"
},
{
"status": "affected",
"version": "5.4.4.2"
},
{
"status": "affected",
"version": "5.4.3.3"
},
{
"status": "affected",
"version": "5.5.2.7"
},
{
"status": "affected",
"version": "5.5.2.8"
},
{
"status": "affected",
"version": "5.4.3.4"
},
{
"status": "affected",
"version": "5.4.4.3"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.5.2.9"
},
{
"status": "affected",
"version": "5.5.3"
},
{
"status": "affected",
"version": "5.5.2.10"
},
{
"status": "affected",
"version": "5.6.1"
},
{
"status": "affected",
"version": "5.5.2.11"
},
{
"status": "affected",
"version": "5.6.2"
},
{
"status": "affected",
"version": "5.5.3.1"
},
{
"status": "affected",
"version": "5.4.5"
},
{
"status": "affected",
"version": "5.4.5.1"
},
{
"status": "affected",
"version": "5.5.4"
},
{
"status": "affected",
"version": "5.6.3"
},
{
"status": "affected",
"version": "5.5.4.1"
},
{
"status": "affected",
"version": "5.7"
},
{
"status": "affected",
"version": "5.5.2.12"
},
{
"status": "affected",
"version": "5.4.2.1"
},
{
"status": "affected",
"version": "5.6.3.1"
},
{
"status": "affected",
"version": "5.4.5.2"
},
{
"status": "affected",
"version": "5.7.1"
},
{
"status": "affected",
"version": "5.7.1.1"
},
{
"status": "affected",
"version": "5.6.4"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.4.6"
},
{
"status": "affected",
"version": "5.7.2"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.6.5"
},
{
"status": "affected",
"version": "5.5.5"
},
{
"status": "affected",
"version": "5.7.3"
},
{
"status": "affected",
"version": "5.8"
},
{
"status": "affected",
"version": "5.6.6.1"
},
{
"status": "affected",
"version": "5.7.5.1"
},
{
"status": "affected",
"version": "5.6.7.1"
},
{
"status": "affected",
"version": "5.6.7"
},
{
"status": "affected",
"version": "5.5.6.1"
},
{
"status": "affected",
"version": "5.8.1"
},
{
"status": "affected",
"version": "5.6.6"
},
{
"status": "affected",
"version": "5.4.7"
},
{
"status": "affected",
"version": "5.8.2.1"
},
{
"status": "affected",
"version": "5.7.5"
},
{
"status": "affected",
"version": "5.7.4"
},
{
"status": "affected",
"version": "5.8.2"
},
{
"status": "affected",
"version": "5.5.6"
},
{
"status": "affected",
"version": "5.6.7.2"
},
{
"status": "affected",
"version": "5.7.6"
},
{
"status": "affected",
"version": "5.7.6.1"
},
{
"status": "affected",
"version": "5.8.3"
},
{
"status": "affected",
"version": "5.6.8"
},
{
"status": "affected",
"version": "5.7.6.2"
},
{
"status": "affected",
"version": "5.8.4"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.7.7"
},
{
"status": "affected",
"version": "5.6.9"
},
{
"status": "affected",
"version": "5.6.8.1"
},
{
"status": "affected",
"version": "5.8.5"
},
{
"status": "affected",
"version": "5.5.8"
},
{
"status": "affected",
"version": "5.7.8"
},
{
"status": "affected",
"version": "5.4.7.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.7.8.1"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "5.6.10"
},
{
"status": "affected",
"version": "5.8.6"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "5.7.9"
},
{
"status": "affected",
"version": "5.5.9"
},
{
"status": "affected",
"version": "5.6.11"
},
{
"status": "affected",
"version": "5.8.7"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "5.7.10"
},
{
"status": "affected",
"version": "5.6.12"
},
{
"status": "affected",
"version": "5.8.8"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "5.5.10"
},
{
"status": "affected",
"version": "5.7.10.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "5.7.6.3"
},
{
"status": "affected",
"version": "5.7.11"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "5.6.13"
},
{
"status": "affected",
"version": "5.8.9"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "5.7.10.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "5.7.12"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "5.6.14"
},
{
"status": "affected",
"version": "6.1.2.1"
},
{
"status": "affected",
"version": "5.8.10"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "5.7.13"
},
{
"status": "affected",
"version": "5.8.11"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.0.8"
},
{
"status": "affected",
"version": "6.1.4"
},
{
"status": "affected",
"version": "5.6.14.1"
},
{
"status": "affected",
"version": "5.8.12"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "5.8.13"
},
{
"status": "affected",
"version": "5.7.14"
},
{
"status": "affected",
"version": "6.0.10"
},
{
"status": "affected",
"version": "6.1.6"
},
{
"status": "affected",
"version": "6.1.6.1"
},
{
"status": "affected",
"version": "6.0.11"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "5.7.15"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.1.7.1"
},
{
"status": "affected",
"version": "6.0.12"
},
{
"status": "affected",
"version": "6.1.8"
},
{
"status": "affected",
"version": "5.7.9.1"
},
{
"status": "affected",
"version": "5.7.15.1"
},
{
"status": "affected",
"version": "6.1.10"
},
{
"status": "affected",
"version": "6.1.11"
},
{
"status": "affected",
"version": "5.1.4.3"
},
{
"status": "affected",
"version": "6.1.11.1"
},
{
"status": "affected",
"version": "6.1.11.2"
},
{
"status": "affected",
"version": "5.7.17"
},
{
"status": "affected",
"version": "6.1.12"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Small Business RV Series Router Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.01.17"
},
{
"status": "affected",
"version": "1.0.03.17"
},
{
"status": "affected",
"version": "1.0.01.16"
},
{
"status": "affected",
"version": "1.0.01.18"
},
{
"status": "affected",
"version": "1.0.00.29"
},
{
"status": "affected",
"version": "1.0.03.16"
},
{
"status": "affected",
"version": "1.0.03.15"
},
{
"status": "affected",
"version": "1.0.02.16"
},
{
"status": "affected",
"version": "1.0.01.20"
},
{
"status": "affected",
"version": "1.0.00.33"
},
{
"status": "affected",
"version": "1.0.03.18"
},
{
"status": "affected",
"version": "1.0.03.19"
},
{
"status": "affected",
"version": "1.0.03.20"
},
{
"status": "affected",
"version": "1.0.03.21"
},
{
"status": "affected",
"version": "1.0.03.22"
},
{
"status": "affected",
"version": "1.0.03.24"
},
{
"status": "affected",
"version": "1.0.03.26"
},
{
"status": "affected",
"version": "1.0.03.27"
},
{
"status": "affected",
"version": "1.0.03.28"
},
{
"status": "affected",
"version": "1.0.03.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:24:52.271Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-auth-bypass-QnTEesp",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp"
}
],
"source": {
"advisory": "cisco-sa-nso-auth-bypass-QnTEesp",
"defects": [
"CSCwj26769"
],
"discovery": "INTERNAL"
},
"title": "Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20381",
"datePublished": "2024-09-11T16:38:42.096Z",
"dateReserved": "2023-11-08T15:08:07.656Z",
"dateUpdated": "2024-09-27T13:58:21.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20366 (GCVE-0-2024-20366)
Vulnerability from cvelistv5 – Published: 2024-05-15 17:25 – Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.
Severity ?
7.8 (High)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
5.4
Affected: 5.5 Affected: 5.6 Affected: 5.7 Affected: 5.8 Affected: 5.1.1.1 Affected: 5.1.1.3 Affected: 5.1.2 Affected: 5.2.0.3 Affected: 5.2.0.4 Affected: 5.2.1 Affected: 5.2.1.1 Affected: 5.2.3.2 Affected: 5.3.1 Affected: 5.3.4.3 Affected: 5.4.0.1 Affected: 5.4.0.2 Affected: 5.4.1 Affected: 5.4.1.1 Affected: 5.4.2 Affected: 5.4.3 Affected: 5.4.3.1 Affected: 5.4.3.2 Affected: 5.4.4.1 Affected: 5.4.4 Affected: 5.4.4.3 Affected: 5.4.3.4 Affected: 5.4.4.2 Affected: 5.4.3.3 Affected: 5.4.5.1 Affected: 5.4.2.1 Affected: 5.4.5.2 Affected: 5.4.5 Affected: 5.4.2.2 Affected: 5.4.6 Affected: 5.4.7 Affected: 5.4.7.1 Affected: 5.5.1 Affected: 5.5.2 Affected: 5.5.2.1 Affected: 5.5.2.2 Affected: 5.5.2.5 Affected: 5.5.2.3 Affected: 5.5.2.4 Affected: 5.5.2.9 Affected: 5.5.2.10 Affected: 5.5.3 Affected: 5.5.2.11 Affected: 5.5.2.6 Affected: 5.5.2.7 Affected: 5.5.2.8 Affected: 5.5.2.12 Affected: 5.5.4 Affected: 5.5.4.1 Affected: 5.5.3.1 Affected: 5.5.5 Affected: 5.5.6 Affected: 5.5.6.1 Affected: 5.5.7 Affected: 5.5.8 Affected: 5.5.10 Affected: 5.5.9 Affected: 5.6.1 Affected: 5.6.3 Affected: 5.6.3.1 Affected: 5.6.2 Affected: 5.6.4 Affected: 5.6.5 Affected: 5.6.6 Affected: 5.6.6.1 Affected: 5.6.7 Affected: 5.6.7.1 Affected: 5.6.7.2 Affected: 5.6.8 Affected: 5.6.8.1 Affected: 5.6.9 Affected: 5.6.10 Affected: 5.6.11 Affected: 5.6.12 Affected: 5.6.13 Affected: 5.6.14 Affected: 5.6.14.1 Affected: 5.7.1.1 Affected: 5.7.1 Affected: 5.7.2 Affected: 5.7.2.1 Affected: 5.7.3 Affected: 5.7.4 Affected: 5.7.5 Affected: 5.7.5.1 Affected: 5.7.6 Affected: 5.7.6.1 Affected: 5.7.6.2 Affected: 5.7.7 Affected: 5.7.8 Affected: 5.7.10 Affected: 5.7.10.1 Affected: 5.7.10.2 Affected: 5.7.11 Affected: 5.7.12 Affected: 5.7.13 Affected: 5.7.14 Affected: 5.7.15.1 Affected: 5.7.6.3 Affected: 5.7.8.1 Affected: 5.7.9 Affected: 5.7.9.1 Affected: 5.8.1 Affected: 5.8.2 Affected: 5.8.2.1 Affected: 5.8.3 Affected: 5.8.4 Affected: 5.8.5 Affected: 5.8.10 Affected: 5.8.11 Affected: 5.8.12 Affected: 5.8.6 Affected: 5.8.7 Affected: 5.8.8 Affected: 5.8.9 Affected: 6.0 Affected: 6.1 Affected: 6.2 Affected: 6.0.1 Affected: 6.0.1.1 Affected: 6.0.10 Affected: 6.0.11 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.7 Affected: 6.0.8 Affected: 6.0.9 Affected: 6.1.1 Affected: 6.1.2 Affected: 6.1.2.1 Affected: 6.1.3 Affected: 6.1.3.1 Affected: 6.1.3.2 Affected: 6.1.4 Affected: 6.1.5 Affected: 6.1.6 Affected: 6.1.6.1 Affected: 6.1.7 Affected: 6.1.7.1 Affected: 6.2.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:network_services_orchestrator:5.1.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "network_services_orchestrator",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "5.1.1.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T18:43:57.383617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:26.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.7"
},
{
"status": "affected",
"version": "5.8"
},
{
"status": "affected",
"version": "5.1.1.1"
},
{
"status": "affected",
"version": "5.1.1.3"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.2.0.3"
},
{
"status": "affected",
"version": "5.2.0.4"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.1.1"
},
{
"status": "affected",
"version": "5.2.3.2"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.4.3"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "5.4.0.2"
},
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.4.1.1"
},
{
"status": "affected",
"version": "5.4.2"
},
{
"status": "affected",
"version": "5.4.3"
},
{
"status": "affected",
"version": "5.4.3.1"
},
{
"status": "affected",
"version": "5.4.3.2"
},
{
"status": "affected",
"version": "5.4.4.1"
},
{
"status": "affected",
"version": "5.4.4"
},
{
"status": "affected",
"version": "5.4.4.3"
},
{
"status": "affected",
"version": "5.4.3.4"
},
{
"status": "affected",
"version": "5.4.4.2"
},
{
"status": "affected",
"version": "5.4.3.3"
},
{
"status": "affected",
"version": "5.4.5.1"
},
{
"status": "affected",
"version": "5.4.2.1"
},
{
"status": "affected",
"version": "5.4.5.2"
},
{
"status": "affected",
"version": "5.4.5"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.4.6"
},
{
"status": "affected",
"version": "5.4.7"
},
{
"status": "affected",
"version": "5.4.7.1"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"status": "affected",
"version": "5.5.2"
},
{
"status": "affected",
"version": "5.5.2.1"
},
{
"status": "affected",
"version": "5.5.2.2"
},
{
"status": "affected",
"version": "5.5.2.5"
},
{
"status": "affected",
"version": "5.5.2.3"
},
{
"status": "affected",
"version": "5.5.2.4"
},
{
"status": "affected",
"version": "5.5.2.9"
},
{
"status": "affected",
"version": "5.5.2.10"
},
{
"status": "affected",
"version": "5.5.3"
},
{
"status": "affected",
"version": "5.5.2.11"
},
{
"status": "affected",
"version": "5.5.2.6"
},
{
"status": "affected",
"version": "5.5.2.7"
},
{
"status": "affected",
"version": "5.5.2.8"
},
{
"status": "affected",
"version": "5.5.2.12"
},
{
"status": "affected",
"version": "5.5.4"
},
{
"status": "affected",
"version": "5.5.4.1"
},
{
"status": "affected",
"version": "5.5.3.1"
},
{
"status": "affected",
"version": "5.5.5"
},
{
"status": "affected",
"version": "5.5.6"
},
{
"status": "affected",
"version": "5.5.6.1"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.5.8"
},
{
"status": "affected",
"version": "5.5.10"
},
{
"status": "affected",
"version": "5.5.9"
},
{
"status": "affected",
"version": "5.6.1"
},
{
"status": "affected",
"version": "5.6.3"
},
{
"status": "affected",
"version": "5.6.3.1"
},
{
"status": "affected",
"version": "5.6.2"
},
{
"status": "affected",
"version": "5.6.4"
},
{
"status": "affected",
"version": "5.6.5"
},
{
"status": "affected",
"version": "5.6.6"
},
{
"status": "affected",
"version": "5.6.6.1"
},
{
"status": "affected",
"version": "5.6.7"
},
{
"status": "affected",
"version": "5.6.7.1"
},
{
"status": "affected",
"version": "5.6.7.2"
},
{
"status": "affected",
"version": "5.6.8"
},
{
"status": "affected",
"version": "5.6.8.1"
},
{
"status": "affected",
"version": "5.6.9"
},
{
"status": "affected",
"version": "5.6.10"
},
{
"status": "affected",
"version": "5.6.11"
},
{
"status": "affected",
"version": "5.6.12"
},
{
"status": "affected",
"version": "5.6.13"
},
{
"status": "affected",
"version": "5.6.14"
},
{
"status": "affected",
"version": "5.6.14.1"
},
{
"status": "affected",
"version": "5.7.1.1"
},
{
"status": "affected",
"version": "5.7.1"
},
{
"status": "affected",
"version": "5.7.2"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.3"
},
{
"status": "affected",
"version": "5.7.4"
},
{
"status": "affected",
"version": "5.7.5"
},
{
"status": "affected",
"version": "5.7.5.1"
},
{
"status": "affected",
"version": "5.7.6"
},
{
"status": "affected",
"version": "5.7.6.1"
},
{
"status": "affected",
"version": "5.7.6.2"
},
{
"status": "affected",
"version": "5.7.7"
},
{
"status": "affected",
"version": "5.7.8"
},
{
"status": "affected",
"version": "5.7.10"
},
{
"status": "affected",
"version": "5.7.10.1"
},
{
"status": "affected",
"version": "5.7.10.2"
},
{
"status": "affected",
"version": "5.7.11"
},
{
"status": "affected",
"version": "5.7.12"
},
{
"status": "affected",
"version": "5.7.13"
},
{
"status": "affected",
"version": "5.7.14"
},
{
"status": "affected",
"version": "5.7.15.1"
},
{
"status": "affected",
"version": "5.7.6.3"
},
{
"status": "affected",
"version": "5.7.8.1"
},
{
"status": "affected",
"version": "5.7.9"
},
{
"status": "affected",
"version": "5.7.9.1"
},
{
"status": "affected",
"version": "5.8.1"
},
{
"status": "affected",
"version": "5.8.2"
},
{
"status": "affected",
"version": "5.8.2.1"
},
{
"status": "affected",
"version": "5.8.3"
},
{
"status": "affected",
"version": "5.8.4"
},
{
"status": "affected",
"version": "5.8.5"
},
{
"status": "affected",
"version": "5.8.10"
},
{
"status": "affected",
"version": "5.8.11"
},
{
"status": "affected",
"version": "5.8.12"
},
{
"status": "affected",
"version": "5.8.6"
},
{
"status": "affected",
"version": "5.8.7"
},
{
"status": "affected",
"version": "5.8.8"
},
{
"status": "affected",
"version": "5.8.9"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.10"
},
{
"status": "affected",
"version": "6.0.11"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.0.8"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.2.1"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.1.4"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.6"
},
{
"status": "affected",
"version": "6.1.6.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.1.7.1"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "External Control of File Name or Path",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T17:25:09.258Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D"
}
],
"source": {
"advisory": "cisco-sa-nso-hcc-priv-esc-OWBWCs5D",
"defects": [
"CSCwi92920"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20366",
"datePublished": "2024-05-15T17:25:09.258Z",
"dateReserved": "2023-11-08T15:08:07.652Z",
"dateUpdated": "2024-08-01T21:59:42.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20369 (GCVE-0-2024-20369)
Vulnerability from cvelistv5 – Published: 2024-05-15 17:23 – Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
Severity ?
4.7 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
5.4
Affected: 5.5 Affected: 5.6 Affected: 5.7 Affected: 5.8 Affected: 5.1.1.1 Affected: 5.1.1.3 Affected: 5.1.2 Affected: 5.2.0.4 Affected: 5.2.1 Affected: 5.2.1.1 Affected: 5.2.3.2 Affected: 5.3.1 Affected: 5.3.4.3 Affected: 5.4.0.1 Affected: 5.4.1 Affected: 5.4.1.1 Affected: 5.4.2 Affected: 5.4.3.1 Affected: 5.4.4.1 Affected: 5.4.4 Affected: 5.4.4.3 Affected: 5.4.3.3 Affected: 5.4.5.1 Affected: 5.4.5.2 Affected: 5.4.5 Affected: 5.4.6 Affected: 5.4.7 Affected: 5.4.7.1 Affected: 5.5.1 Affected: 5.5.2 Affected: 5.5.2.1 Affected: 5.5.2.3 Affected: 5.5.2.4 Affected: 5.5.2.9 Affected: 5.5.2.10 Affected: 5.5.3 Affected: 5.5.2.7 Affected: 5.5.2.12 Affected: 5.5.4.1 Affected: 5.5.3.1 Affected: 5.5.5 Affected: 5.5.6 Affected: 5.5.7 Affected: 5.5.8 Affected: 5.6.1 Affected: 5.6.3 Affected: 5.6.2 Affected: 5.6.5 Affected: 5.6.6 Affected: 5.6.6.1 Affected: 5.6.7 Affected: 5.6.7.1 Affected: 5.6.8 Affected: 5.6.8.1 Affected: 5.6.11 Affected: 5.6.13 Affected: 5.6.14 Affected: 5.6.14.1 Affected: 5.7.1.1 Affected: 5.7.1 Affected: 5.7.2 Affected: 5.7.2.1 Affected: 5.7.3 Affected: 5.7.4 Affected: 5.7.5 Affected: 5.7.5.1 Affected: 5.7.6 Affected: 5.7.6.2 Affected: 5.7.8 Affected: 5.7.10 Affected: 5.7.10.2 Affected: 5.7.11 Affected: 5.7.13 Affected: 5.7.14 Affected: 5.7.9 Affected: 5.7.9.1 Affected: 5.8.1 Affected: 5.8.2 Affected: 5.8.2.1 Affected: 5.8.5 Affected: 5.8.10 Affected: 5.8.11 Affected: 5.8.9 Affected: 6.1 Affected: 6.2 Affected: 6.0.1.1 Affected: 6.0.10 Affected: 6.0.5 Affected: 6.0.8 Affected: 6.1.2.1 Affected: 6.1.5 Affected: 6.1.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:29:07.120761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:17.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-nso-ordir-MNM8YqzO",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.7"
},
{
"status": "affected",
"version": "5.8"
},
{
"status": "affected",
"version": "5.1.1.1"
},
{
"status": "affected",
"version": "5.1.1.3"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.2.0.4"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.1.1"
},
{
"status": "affected",
"version": "5.2.3.2"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.4.3"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.4.1.1"
},
{
"status": "affected",
"version": "5.4.2"
},
{
"status": "affected",
"version": "5.4.3.1"
},
{
"status": "affected",
"version": "5.4.4.1"
},
{
"status": "affected",
"version": "5.4.4"
},
{
"status": "affected",
"version": "5.4.4.3"
},
{
"status": "affected",
"version": "5.4.3.3"
},
{
"status": "affected",
"version": "5.4.5.1"
},
{
"status": "affected",
"version": "5.4.5.2"
},
{
"status": "affected",
"version": "5.4.5"
},
{
"status": "affected",
"version": "5.4.6"
},
{
"status": "affected",
"version": "5.4.7"
},
{
"status": "affected",
"version": "5.4.7.1"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"status": "affected",
"version": "5.5.2"
},
{
"status": "affected",
"version": "5.5.2.1"
},
{
"status": "affected",
"version": "5.5.2.3"
},
{
"status": "affected",
"version": "5.5.2.4"
},
{
"status": "affected",
"version": "5.5.2.9"
},
{
"status": "affected",
"version": "5.5.2.10"
},
{
"status": "affected",
"version": "5.5.3"
},
{
"status": "affected",
"version": "5.5.2.7"
},
{
"status": "affected",
"version": "5.5.2.12"
},
{
"status": "affected",
"version": "5.5.4.1"
},
{
"status": "affected",
"version": "5.5.3.1"
},
{
"status": "affected",
"version": "5.5.5"
},
{
"status": "affected",
"version": "5.5.6"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.5.8"
},
{
"status": "affected",
"version": "5.6.1"
},
{
"status": "affected",
"version": "5.6.3"
},
{
"status": "affected",
"version": "5.6.2"
},
{
"status": "affected",
"version": "5.6.5"
},
{
"status": "affected",
"version": "5.6.6"
},
{
"status": "affected",
"version": "5.6.6.1"
},
{
"status": "affected",
"version": "5.6.7"
},
{
"status": "affected",
"version": "5.6.7.1"
},
{
"status": "affected",
"version": "5.6.8"
},
{
"status": "affected",
"version": "5.6.8.1"
},
{
"status": "affected",
"version": "5.6.11"
},
{
"status": "affected",
"version": "5.6.13"
},
{
"status": "affected",
"version": "5.6.14"
},
{
"status": "affected",
"version": "5.6.14.1"
},
{
"status": "affected",
"version": "5.7.1.1"
},
{
"status": "affected",
"version": "5.7.1"
},
{
"status": "affected",
"version": "5.7.2"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.3"
},
{
"status": "affected",
"version": "5.7.4"
},
{
"status": "affected",
"version": "5.7.5"
},
{
"status": "affected",
"version": "5.7.5.1"
},
{
"status": "affected",
"version": "5.7.6"
},
{
"status": "affected",
"version": "5.7.6.2"
},
{
"status": "affected",
"version": "5.7.8"
},
{
"status": "affected",
"version": "5.7.10"
},
{
"status": "affected",
"version": "5.7.10.2"
},
{
"status": "affected",
"version": "5.7.11"
},
{
"status": "affected",
"version": "5.7.13"
},
{
"status": "affected",
"version": "5.7.14"
},
{
"status": "affected",
"version": "5.7.9"
},
{
"status": "affected",
"version": "5.7.9.1"
},
{
"status": "affected",
"version": "5.8.1"
},
{
"status": "affected",
"version": "5.8.2"
},
{
"status": "affected",
"version": "5.8.2.1"
},
{
"status": "affected",
"version": "5.8.5"
},
{
"status": "affected",
"version": "5.8.10"
},
{
"status": "affected",
"version": "5.8.11"
},
{
"status": "affected",
"version": "5.8.9"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.10"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.8"
},
{
"status": "affected",
"version": "6.1.2.1"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\n\r This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T17:23:34.938Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-ordir-MNM8YqzO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO"
}
],
"source": {
"advisory": "cisco-sa-nso-ordir-MNM8YqzO",
"defects": [
"CSCwi31723"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20369",
"datePublished": "2024-05-15T17:23:34.938Z",
"dateReserved": "2023-11-08T15:08:07.653Z",
"dateUpdated": "2024-08-01T21:59:42.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20040 (GCVE-0-2023-20040)
Vulnerability from cvelistv5 – Published: 2023-01-19 01:37 – Updated: 2024-08-02 08:57
VLAI?
Summary
A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.
This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition.
Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.
Severity ?
5.5 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
4.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.\r\n\r This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. \r\n\r Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:36.087Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
}
],
"source": {
"advisory": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"defects": [
"CSCwb11065"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20040",
"datePublished": "2023-01-19T01:37:34.592Z",
"dateReserved": "2022-10-27T18:47:50.316Z",
"dateUpdated": "2024-08-02T08:57:35.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44228 (GCVE-0-2021-44228)
Vulnerability from cvelistv5 – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
VLAI?
Title
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Affected:
2.0-beta9 , < log4j-core*
(custom)
|
Credits
This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213189"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-44228",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:25:34.416117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:23.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-12-10T00:00:00+00:00",
"value": "CVE-2021-44228 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.12.2",
"status": "unaffected"
},
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.15.0",
"status": "unaffected"
}
],
"lessThan": "log4j-core*",
"status": "affected",
"version": "2.0-beta9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
}
],
"metrics": [
{
"other": {
"content": {
"other": "critical"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"url": "https://support.apple.com/kb/HT213189"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44228",
"datePublished": "2021-12-10T00:00:00.000Z",
"dateReserved": "2021-11-26T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:23.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1572 (GCVE-0-2021-1572)
Vulnerability from cvelistv5 – Published: 2021-08-04 17:20 – Updated: 2024-11-07 22:05
VLAI?
Title
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
Summary
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco ConfD |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:30.758700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:05:00.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ConfD",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T18:18:19",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
],
"source": {
"advisory": "cisco-sa-confd-priv-esc-LsGtCRx4",
"defect": [
[
"CSCvy43896"
]
],
"discovery": "INTERNAL"
},
"title": "ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-08-04T16:00:00",
"ID": "CVE-2021-1572",
"STATE": "PUBLIC",
"TITLE": "ConfD CLI Secure Shell Server Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ConfD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
]
},
"source": {
"advisory": "cisco-sa-confd-priv-esc-LsGtCRx4",
"defect": [
[
"CSCvy43896"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1572",
"datePublished": "2021-08-04T17:20:09.937016Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-07T22:05:00.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3362 (GCVE-0-2020-3362)
Vulnerability from cvelistv5 – Published: 2020-06-18 02:17 – Updated: 2024-11-15 17:00
VLAI?
Title
Cisco Network Services Orchestrator Information Disclosure Vulnerability
Summary
A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:27:34.268033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:00:53.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-18T02:17:13",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
],
"source": {
"advisory": "cisco-sa-nso-info-disclosure-WdNvBTNq",
"defect": [
[
"CSCvu17597"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-06-17T16:00:00",
"ID": "CVE-2020-3362",
"STATE": "PUBLIC",
"TITLE": "Cisco Network Services Orchestrator Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
]
},
"source": {
"advisory": "cisco-sa-nso-info-disclosure-WdNvBTNq",
"defect": [
[
"CSCvu17597"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3362",
"datePublished": "2020-06-18T02:17:13.303988Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:00:53.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0463 (GCVE-0-2018-0463)
Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:39
VLAI?
Title
Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability
Summary
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Network Services Orchestrator |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:53:26.786615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:39:29.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
],
"source": {
"advisory": "cisco-sa-20180905-nso-infodis",
"defect": [
[
"CSCvj50567",
"CSCvk74975"
]
],
"discovery": "UNKNOWN"
},
"title": "Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-05T16:00:00-0500",
"ID": "CVE-2018-0463",
"STATE": "PUBLIC",
"TITLE": "Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
]
},
"source": {
"advisory": "cisco-sa-20180905-nso-infodis",
"defect": [
[
"CSCvj50567",
"CSCvk74975"
]
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0463",
"datePublished": "2018-10-05T14:00:00Z",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-26T14:39:29.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0274 (GCVE-0-2018-0274)
Vulnerability from cvelistv5 – Published: 2018-06-07 12:00 – Updated: 2024-11-29 15:06
VLAI?
Summary
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Network Services Orchestrator unknown |
Affected:
Cisco Network Services Orchestrator unknown
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:21:15.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T14:42:37.539097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T15:06:59.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator unknown",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Network Services Orchestrator unknown"
}
]
}
],
"datePublic": "2018-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "104449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator unknown",
"version": {
"version_data": [
{
"version_value": "Cisco Network Services Orchestrator unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104449"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0274",
"datePublished": "2018-06-07T12:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-29T15:06:59.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}