Vulnslist

find the latest Cisco vulnerabilities

Cisco Crosswork Network Services Orchestrator Vulnerabilities

cisco-sa-nso-rwpesc-qrQGnh3f · High · Published · Updated

Multiple vulnerabilities in the Cisco Crosswork Network Services Orchestrator (NSO) CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2024-20326, CVE-2024-20389
Cisco Bug IDsCSCwi31715, CSCwi84310
CVSS ScoreBase 7.8
Base 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Network Services Orchestrator

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Network Services Orchestrator known_affected cisco_csaf CVE-2024-20326, CVE-2024-20389 2

Related Products

Product CVE Evidence
Cisco Crosswork Planning CVE-2024-20326 Cisco OpenVuln
Cisco Network Services Orchestrator CVE-2024-20326 Cisco OpenVuln
Cisco Crosswork Planning CVE-2024-20389 Cisco OpenVuln
Cisco Network Services Orchestrator CVE-2024-20389 Cisco OpenVuln