Known Vulnerabilities for Network Services Orchestrator by Cisco

Listed below are 4 of the newest known vulnerabilities associated with "Network Services Orchestrator" by "Cisco".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-1572 A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the accou... 7.8 - HIGH 2021-08-04 2022-07-15
CVE-2020-3362 A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to acces... 4.7 - MEDIUM 2020-06-18 2021-08-06
CVE-2018-0463 A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow ... 7.5 - HIGH 2018-10-05 2019-10-09
CVE-2018-0274 A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker ... 8.8 - HIGH 2018-06-07 2020-09-04

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationCiscoNetwork Services Orchestrator5.3.2.1AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.3.2AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.3.1.2AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.3.1.1AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.3.1AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.3.0.1AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.3AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.3.3AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.3.2AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.3.1AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.3AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.2.2AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.2.1AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.2AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.1.2AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.1.1AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.1AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.0.4AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.0.3AllAllAll
ApplicationCiscoNetwork Services Orchestrator5.2.0.2AllAllAll

Popular searches for Network Services Orchestrator

Network Services Orchestrator (NSO) - Network Automation

www.cisco.com/c/en/us/products/cloud-systems-management/network-services-orchestrator/index.html

Network Services Orchestrator NSO - Network Automation SO seamlessly integrates all of your infrastructure across different technologies, vendors, and locations, simplifying life for DevOps. Learn more.

www.cisco.com/c/en/us/solutions/service-provider/solutions-cloud-providers/network-services-orchestrator-solutions.html www.cisco.com/c/en/us/solutions/service-provider/solutions-cloud-providers/network-services-orchestrator-solutions.html www.tail-f.com/network-control-system www.cisco.com/go/nso www.cisco.com/go/nso Cisco Systems Automation Computer network Network Automation Network service Orchestration (computing) DevOps Technology Solution Graphical user interface Infrastructure Extensibility Netherlands Space Office Telstra Toolchain Cloud computing Service provider Application programming interface Managed services VMware Infrastructure

Cisco Security Advisory: Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis

Cisco Security Advisory: Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability A vulnerability in the Cisco Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers SUDI for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system. There are no workarounds that address this vulnerability. Thi

Cisco Systems Vulnerability (computing) Plug and play Authentication Network service Security hacker Computer network Information Computer security Exploit (computer security) Computer configuration Server (computing) Computer hardware Access control System Windows Metafile vulnerability Software Security Network packet Identifier

© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report