cvelist/2024/20xxx/CVE-2024-20383.json
2024-05-15 19:00:35 +00:00


{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-20383",
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system.\r\n\r\nThe vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Email and Web Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0.0-087"
},
{
"version_affected": "=",
"version_value": "11.0.0-115"
},
{
"version_affected": "=",
"version_value": "11.0.1-161"
},
{
"version_affected": "=",
"version_value": "11.5.1-105"
},
{
"version_affected": "=",
"version_value": "12.0.0-452"
},
{
"version_affected": "=",
"version_value": "12.0.1-011"
},
{
"version_affected": "=",
"version_value": "12.5.0-636"
},
{
"version_affected": "=",
"version_value": "12.5.0-658"
},
{
"version_affected": "=",
"version_value": "12.5.0-678"
},
{
"version_affected": "=",
"version_value": "12.5.0-670"
},
{
"version_affected": "=",
"version_value": "13.0.0-277"
},
{
"version_affected": "=",
"version_value": "13.6.2-078"
},
{
"version_affected": "=",
"version_value": "13.8.1-068"
},
{
"version_affected": "=",
"version_value": "13.8.1-074"
},
{
"version_affected": "=",
"version_value": "13.8.1-108"
},
{
"version_affected": "=",
"version_value": "12.8.1-002"
},
{
"version_affected": "=",
"version_value": "12.8.1-021"
},
{
"version_affected": "=",
"version_value": "14.0.0-404"
},
{
"version_affected": "=",
"version_value": "14.1.0-223"
},
{
"version_affected": "=",
"version_value": "14.1.0-227"
},
{
"version_affected": "=",
"version_value": "14.2.0-212"
},
{
"version_affected": "=",
"version_value": "14.2.0-224"
},
{
"version_affected": "=",
"version_value": "14.2.1-020"
},
{
"version_affected": "=",
"version_value": "14.3.0-120"
},
{
"version_affected": "=",
"version_value": "15.0.0-334"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD"
}
]
},
"source": {
"advisory": "cisco-sa-esa-sma-wsa-xss-bgG5WHOD",
"discovery": "EXTERNAL",
"defects": [
"CSCwi59618"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}
}