CVSS: 9.0EPSS: 0%CPEs: 271EXPL: 0CVE-2024-20381 – Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20381
11 Sep 2024 — A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager, and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could explo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 148EXPL: 0CVE-2024-20366
https://notcve.org/view.php?id=CVE-2024-20366
15 May 2024 — A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the a... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D • CWE-73: External Control of File Name or Path •