Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cisco confd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-20655
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker coul...
7.8
CVSSv3
CVE-2021-1572
A vulnerability in ConfD could allow an authenticated, local malicious user to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. ...
Cisco Confd
Cisco Network Services Orchestrator
4.9
CVSSv3
CVE-2017-6777
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote malicious user to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could ...
Cisco Elastic Services Controller 2.3\\(2\\)
Cisco Elastic Services Controller 2.3
8.8
CVSSv3
CVE-2017-6682
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote malicious user to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76).
Cisco Elastic Services Controller 2.2\\(9.76\\)
5.5
CVSSv3
CVE-2017-6695
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local malicious user to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839.
Cisco Ultra Services Platform 21.0.v0.65839
3.3
CVSSv3
CVE-2018-0106
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local malicious user to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit ...
Cisco Elastic Services Controller
7.8
CVSSv3
CVE-2022-20762
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local malicious user to escalate privileges on an affected device. This vulnerability is due to ins...
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure
5.5
CVSSv3
CVE-2017-6693
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local malicious user to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Aff...
Cisco Elastic Services Controller 2.2\\(9.76\\)
Cisco Elastic Services Controller 2.3\\(1\\)
6.5
CVSSv3
CVE-2017-6691
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote malicious user to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).
Cisco Elastic Services Controller 2.3\\(2\\)
8.8
CVSSv3
CVE-2017-6689
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote malicious user to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affec...
Cisco Elastic Services Controller 2.2\\(9.76\\)
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »