Vulnerabilities > Cisco > Network Services Orchestrator > 6.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-11 | CVE-2024-20381 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. | 8.8 |
| 2024-05-15 | CVE-2024-20366 | Uncontrolled Search Path Element vulnerability in Cisco Network Services Orchestrator 6.0/6.0.1/6.0.1.1 A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. | 7.8 |
| 2024-05-15 | CVE-2024-20369 | Open Redirect vulnerability in Cisco Network Services Orchestrator A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. | 6.1 |