Multiple vulnerabilities in the Cisco Crosswork Network Services Orchestrator (NSO) CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco...

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system.   For more information about these vulnerabilities, see the Details section of this advisory.  Cisco has released software updates that address...

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about...

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with...

A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker...

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading...