Main Vulnerability Database Vulnerabilities #VU89570

OS Command Injection in Crosswork Network Services Orchestrator - CVE-2024-20326

Published: May 16, 2024 / Updated: May 16, 2024

Vulnerability identifier: #VU89570

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-20326

CWE-ID: CWE-78

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Crosswork Network Services Orchestrator

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper authorization enforcement when specific CLI commands are used. A local user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f

OS Command Injection in Crosswork Network Services Orchestrator - CVE-2024-20326

Description

Remediation

External links

Please verify you're human