cbcvebase.
CVE-2024-20366
published 2024-05-15

CVE-2024-20366: A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow…

PriorityP345high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.20%
9.7th percentile
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.

Affected

151 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_cisco7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.