Cisco Confd Basic

By the Year

In 2025 there has been 1 vulnerability in Cisco Confd Basic with an average score of 10.0 out of ten. Last year, in 2024, Confd Basic had 2 security vulnerabilities published. Right now, Confd Basic is on track to have fewer security vulnerabilities in 2025 than it did last year.

Year  Vulnerabilities  Average Score
2025  1                10.00
2024  2                0.00

It may take a day or so for new Confd Basic vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Cisco Confd Basic Security Vulnerabilities

Unauth RCE in Erlang/OTP SSH Server <27.3.3
CVE-2025-32433 10 - Critical - April 16, 2025

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.

Missing Authentication for Critical Function

ConfD/Cisco Crosswork CLI Auth Bypass: Local LPE via Arbitrary File Access
CVE-2024-20326 - May 16, 2024

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.

ConfD CLI & Cisco Crosswork NSO CLI: Local Auth Esc to Root via File Ops
CVE-2024-20389 - May 16, 2024

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
