cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-20389,https://securityvulnerability.io/vulnerability/CVE-2024-20389,Arbitrary File Read and Write Vulnerability in Cisco ConfD and Crosswork Network Services Orchestrator CLI,"A vulnerability exists in the ConfD CLI and Cisco Crosswork Network Services Orchestrator CLI, allowing a local, authenticated attacker with low privileges to manipulate arbitrary files on the operating system. This issue arises from improper authorization enforcement when certain command-line interface (CLI) commands are executed. By utilizing crafted command arguments, an attacker can exploit this vulnerability to read or write files with root user privileges, potentially leading to unauthorized access or system compromise.",Cisco,"Cisco Confd,Cisco Confd Basic,Cisco Network Services Orchestrator",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-16T14:08:21.745Z,0
CVE-2024-20326,https://securityvulnerability.io/vulnerability/CVE-2024-20326,Arbitrary File Read and Write Vulnerability in Cisco ConfD and Crosswork Network Services Orchestrator CLI,"A vulnerability exists in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI, enabling an authenticated, low-privileged local attacker to gain unauthorized access to critical files on the underlying operating system. The issue arises from improper authorization enforcement associated with certain CLI commands, allowing for crafted command arguments to circumvent security measures. Consequently, this could lead to unauthorized reading or writing of arbitrary files with root user privileges, posing significant risks to system integrity and confidentiality.",Cisco,"Cisco Confd,Cisco Confd Basic,Cisco Network Services Orchestrator",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-16T14:08:18.634Z,0
CVE-2021-1572,https://securityvulnerability.io/vulnerability/CVE-2021-1572,ConfD CLI Secure Shell Server Privilege Escalation Vulnerability,"A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.",Cisco,Cisco Confd,7.8,HIGH,0.0004199999966658652,false,false,false,true,,false,false,2021-08-04T00:00:00.000Z,0