Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Confd_basic
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-16 | CVE-2024-20389 | A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or... | Confd_basic, Crosswork_network_services_orchestrator | N/A | ||
| 2025-04-16 | CVE-2025-32433 | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A... | Cloud_native_broadband_network_gateway, Confd_basic, Enterprise_nfv_infrastructure_software, Inode_manager, Ncs_2000_shelf_virtualization_orchestrator_firmware, Network_services_orchestrator, Optical_site_manager, Rv160_firmware, Rv160w_firmware, Rv260_firmware, Rv260p_firmware, Rv260w_firmware, Rv340_firmware, Rv340w_firmware, Rv345_firmware, Rv345p_firmware, Smart_phy, Staros, Ultra_cloud_core, Ultra_packet_core, Ultra_services_platform, Erlang\/otp | N/A | ||
| 2024-05-16 | CVE-2024-20326 | A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or... | Confd_basic, Confd_premium, Crosswork_network_services_orchestrator | N/A |