Vulnslist

find the latest Cisco vulnerabilities

ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities

cisco-sa-cnfd-rwpesc-ZAOufyx8 · High · Published · Updated

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnfd-rwpesc-ZAOufyx8

Workarounds

There are no workarounds that address these vulnerabilities.

CVEs: CVE-2024-20326, CVE-2024-20389
Cisco Bug IDs: CSCwj67262, CSCwj72783
CVSS Score: Base 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco ConfD, Cisco ConfD Basic

CSAF Product Statuses

| Product | Status | Source | CVE | Rows |
| --- | --- | --- | --- | --- |
| Cisco ConfD | known_affected | cisco_csaf | CVE-2024-20326, CVE-2024-20389 | 2 |
| Cisco ConfD Basic | known_affected | cisco_csaf | CVE-2024-20326, CVE-2024-20389 | 2 |

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco ConfD | CVE-2024-20326 | Cisco OpenVuln |
| Cisco ConfD Basic | CVE-2024-20326 | Cisco OpenVuln |
| Cisco ConfD | CVE-2024-20389 | Cisco OpenVuln |
| Cisco ConfD Basic | CVE-2024-20389 | Cisco OpenVuln |