CVE-2024-20366

CWE-73 CWE-4274 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 69.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Network Services Orchestrator Cisco Cisco Network Services Orchestrator

Timeline

PublishedMay 15

Description

A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/network_services_orchestrator5.0 — 5.0.5+1

▶CVEListV5cisco/cisco_network_services_orchestrator148 versions+147

🔴Vulnerability Details

CVEList

CVE-2024-20366: A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) coul↗2024-05-15

▶

GHSA

GHSA-fpvx-gw57-2p3v: A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) coul↗2024-05-15

▶

📋Vendor Advisories

Cisco

Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability↗2024-05-15

▶