PT-2024-4292 · Cisco · Cisco Crosswork Network Services Orchestrator

Published: 2024-05-16 · Updated: 2024-05-16 · CVE-2024-20389

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Crosswork Network Services Orchestrator (affected versions not specified)
ConfD (affected versions not specified)

Description

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI results from improper authorization enforcement when specific CLI commands are used. It could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments.

Recommendations

As a temporary workaround, consider disabling the affected CLI commands until a patch is available. Restrict access to the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI to minimize the risk of exploitation. Avoid using crafted arguments in CLI commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

BDU:2024-04779
CVE-2024-20389

Affected Products

Cisco Crosswork Network Services Orchestrator