cvelistv5 - cve-2024-20489

CVE-2024-20489 (GCVE-0-2024-20489)

Vulnerability from cvelistv5 – Published: 2024-09-11 16:39 – Updated: 2024-09-11 20:12

Summary

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-256 - Unprotected Storage of Credentials

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XR Software	Affected: 24.1.1 Affected: 24.2.1 Affected: 24.1.2 Affected: 24.2.11 Affected: 24.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "24.1.1"
              },
              {
                "status": "affected",
                "version": "24.2.1"
              },
              {
                "status": "affected",
                "version": "24.1.2"
              },
              {
                "status": "affected",
                "version": "24.2.11"
              },
              {
                "status": "affected",
                "version": "24.3.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T20:04:09.480088Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T20:12:26.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\r\n\r\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "Unprotected Storage of Credentials",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T16:39:06.449Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
        "defects": [
          "CSCwi81017"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Routed Passive Optical Network Cleartext Password Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20489",
    "datePublished": "2024-09-11T16:39:06.449Z",
    "dateReserved": "2023-11-08T15:08:07.685Z",
    "dateUpdated": "2024-09-11T20:12:26.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCE8E968-111F-4F57-93D3-E509AB540B87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B342A550-8600-45CF-8B9A-530770C9A0F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11288A28-F0CF-4FEC-A0B7-3D93866F01FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:24.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FD120B9-0671-473C-8420-872E5BB9933F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\\r\\n\\r\\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el m\\u00e9todo de almacenamiento del archivo de configuraci\\u00f3n del controlador PON podr\\u00eda permitir que un atacante local autenticado con privilegios bajos obtenga las credenciales de MongoDB. Esta vulnerabilidad se debe al almacenamiento inadecuado de las credenciales de la base de datos sin cifrar en el dispositivo que ejecuta el software Cisco IOS XR. Un atacante podr\\u00eda aprovechar esta vulnerabilidad accediendo a los archivos de configuraci\\u00f3n en un sistema afectado. Una explotaci\\u00f3n exitosa podr\\u00eda permitir al atacante ver las credenciales de MongoDB.\"}]",
      "id": "CVE-2024-20489",
      "lastModified": "2024-10-03T01:40:11.637",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-09-11T17:15:13.393",
      "references": "[{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-256\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-20489\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2024-09-11T17:15:13.393\",\"lastModified\":\"2024-10-03T01:40:11.637\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\\r\\n\\r\\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el m\u00e9todo de almacenamiento del archivo de configuraci\u00f3n del controlador PON podr\u00eda permitir que un atacante local autenticado con privilegios bajos obtenga las credenciales de MongoDB. Esta vulnerabilidad se debe al almacenamiento inadecuado de las credenciales de la base de datos sin cifrar en el dispositivo que ejecuta el software Cisco IOS XR. Un atacante podr\u00eda aprovechar esta vulnerabilidad accediendo a los archivos de configuraci\u00f3n en un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ver las credenciales de MongoDB.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-256\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCE8E968-111F-4F57-93D3-E509AB540B87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B342A550-8600-45CF-8B9A-530770C9A0F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11288A28-F0CF-4FEC-A0B7-3D93866F01FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FD120B9-0671-473C-8420-872E5BB9933F\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20489\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-11T20:04:09.480088Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ios_xr\", \"versions\": [{\"status\": \"affected\", \"version\": \"24.1.1\"}, {\"status\": \"affected\", \"version\": \"24.2.1\"}, {\"status\": \"affected\", \"version\": \"24.1.2\"}, {\"status\": \"affected\", \"version\": \"24.2.11\"}, {\"status\": \"affected\", \"version\": \"24.3.1\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T20:12:12.959Z\"}}], \"cna\": {\"title\": \"Cisco Routed Passive Optical Network Cleartext Password Vulnerability\", \"source\": {\"defects\": [\"CSCwi81017\"], \"advisory\": \"cisco-sa-iosxr-ponctlr-ci-OHcHmsFL\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS XR Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"24.1.1\"}, {\"status\": \"affected\", \"version\": \"24.2.1\"}, {\"status\": \"affected\", \"version\": \"24.1.2\"}, {\"status\": \"affected\", \"version\": \"24.2.11\"}, {\"status\": \"affected\", \"version\": \"24.3.1\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL\", \"name\": \"cisco-sa-iosxr-ponctlr-ci-OHcHmsFL\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\\r\\n\\r\\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-256\", \"description\": \"Unprotected Storage of Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-09-11T16:39:06.449Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-20489\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-11T20:12:26.719Z\", \"dateReserved\": \"2023-11-08T15:08:07.685Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-09-11T16:39:06.449Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CISCO-SA-IOSXR-PONCTLR-CI-OHCHMSFL

Vulnerability from csaf_cisco - Published: 2024-09-11 16:00 - Updated: 2024-09-11 16:00

Summary

Cisco Routed Passive Optical Network Controller Vulnerabilities

Notes

Summary

Multiple vulnerabilities in Cisco Routed Passive Optical Network (PON) Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker to perform command injection attacks, execute arbitrary commands on the affected system, or retrieve a cleartext password. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. Cisco plans to release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"].

Vulnerable Products

These vulnerabilities affect the following Cisco hardware platforms if they are running a vulnerable release of Cisco IOS XR Software and are configured with the Routed PON Controller feature: Network Convergence System (NCS) 540 Series Routers NCS 540-24Q8L2DD-SYS Router NCS 540-24Z8Q2C-SYS Router NCS 540-28Z4C-SYS-A Router NCS 540-28Z4C-SYS-D Router NCS 540-ACC-SYS Router NCS 540X-16Z4G8Q2C-A Router NCS 540X-16Z4G8Q2C-D Router NCS 5500 Series NCS 55A1-24Q6H-SS NCS 55A2-MOD-SE-S NCS 5700 Series NCS-57C1-48Q6-SYS NCS 57C3-MOD For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. For information about the Cisco PON Controller solution, see the Cisco Routed Passive Optical Network Deployment Guide. ["https://www.cisco.com/c/en/us/td/docs/iosxr/pon/guides/b-cisco-pon-solution.html"] Determine Whether PON Controller Software is Enabled To determine whether Cisco IOS XR Software has the PON Controller enabled, use the show running-config pon-ctlr command on the CLI of an affected device. The device is affected by these vulnerabilities if the command returns output indicating that the PON Controller is configured on a device, as shown in the following example: RP/0/RP0/CPU0:Router#show running-config pon-ctrl Wed Sep 11 03:00:53.842 UTC pon-ctlr cfg-file harddisk:/PonCntlInit.json vrf default RP/0/RP0/CPU0:Router# . . . If the output is empty or the command does not exist, the device is not affected by these vulnerabilities.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities. Cisco has confirmed that these vulnerabilities do not affect the following Cisco products: IOS Software IOS XE Software NX-OS Software

Details

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities. Details about the vulnerabilities are as follows: CVE-2024-20483: Cisco Routed PON Controller Command Injection Vulnerabilities Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller. Cisco plans to release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. Bug ID(s): CSCwi81012 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81012"], CSCwi81013 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81013"] CVE ID: CVE-2024-20483 Security Impact Rating (SIR): High CVSS Base Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-20489: Cisco Routed PON Controller Cleartext Password Vulnerability A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials. Cisco plans to release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Bug ID(s): CSCwi81017 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81017"] CVE ID: CVE-2024-20489 Security Impact Rating (SIR): High CVSS Base Score: 8.4 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Workarounds

There are no workarounds that address these vulnerabilities. However, administrators may choose to restrict MongoDB access to IP addresses of the PON Manager and each Cisco IOS XR Software PON Controller. For help with implementing these restrictions, refer to the MongoDB documentation. While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Fixed Software

Cisco plans to release software updates that address vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. The Cisco Support and Downloads page ["https://www.cisco.com/c/en/us/support/index.html"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases In the following table, the left column lists Cisco software releases or trains. The right column indicates whether a release (train) is affected by the vulnerability that is described in this advisory and the first release that includes the fix for this vulnerability. Cisco Routed PON Controller Software in Cisco IOS XR1 First Fixed Release 7.11 and earlier Not vulnerable. 24.1 and later Migrate to a fixed release. 24.2 and later Migrate to a fixed release. 24.3 and later Migrate to a fixed release. 24.4.1 (Nov 2024) Not vulnerable. 1. Cisco Routed PON Controller Software is bundled with Cisco IOS XR Software as an optional RPM Package Manager. The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory. After upgrading to fixed software, a configuration change is required in the PonCntlInit.json file to use a keyring to store the MongoDB password. Instructions for PonCntlInit.json Configuration Change After upgrading to fixed software, replace the MongoDB password field in the PonCntlInit.json file with the password_opts field, as shown in the following example. Before the configuration change, the MongoDB password field will appear as shown in the following example: "MongoDB": { "auth_db": "tibit_users", . . . . "password": "MongoDBPassword", . . } After upgrading to fixed software, replace the MongoDB password field with the password_opts field, as shown in the following example: "MongoDB": { . . . "password_opts": { "type": "keyring", "keyring_path": "/etc/cisco/poncntl/keyring.data", "keyring_key_path": "/etc/cisco/poncntl/keyring.key" }, . . } Once the PonCntlInit.json file has been edited, update the Cisco IOS XR Software configuration to include the database password. Once the configuration is saved, the password will be shown in encrypted format when the show running-config command is performed, as shown in the following example: Router#conf t Wed Sep 11 16:00:00.000 UTC Router(config)#pon-ctlr Router(config-ponctlr)#cfg-file /harddisk:/PonCntlInit.json db-password <MongoDB Password> Router(config-ponctlr)#end RP/0/RP0/CPU0:Sep 11 16:00:00.000 UTC: config[67636]: %MGBL-SYS-5-CONFIG_I : Configured from console by admin Router#show running-config pon-ctlr Wed Sep 11 16:00:00.000 UTC pon-ctlr cfg-file /harddisk:/PonCntlInit.json db-password 0525253C1E6E6925 ! Router#

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Source

These vulnerabilities were found during internal security testing by James Spadaro of the Cisco Advanced Security Initiatives Group (ASIG).

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "These vulnerabilities were found during internal security testing by James Spadaro of the Cisco Advanced Security Initiatives Group (ASIG)."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities in Cisco Routed Passive Optical Network (PON) Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker to perform command injection attacks, execute arbitrary commands on the affected system, or retrieve a cleartext password.\r\n\r\nFor more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.\r\n\r\nCisco plans to release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\n\r\n\r\nThis advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416\"].",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "These vulnerabilities affect the following Cisco hardware platforms if they are running a vulnerable release of Cisco IOS XR Software and are configured with the Routed PON Controller feature:\r\n\r\nNetwork Convergence System (NCS) 540 Series Routers\r\n\r\nNCS 540-24Q8L2DD-SYS Router\r\nNCS 540-24Z8Q2C-SYS Router\r\nNCS 540-28Z4C-SYS-A Router\r\nNCS 540-28Z4C-SYS-D Router\r\nNCS 540-ACC-SYS Router\r\nNCS 540X-16Z4G8Q2C-A Router\r\nNCS 540X-16Z4G8Q2C-D Router\r\n\r\nNCS 5500 Series\r\n\r\nNCS 55A1-24Q6H-SS\r\nNCS 55A2-MOD-SE-S\r\n\r\nNCS 5700 Series\r\n\r\nNCS-57C1-48Q6-SYS\r\nNCS 57C3-MOD\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n\r\nFor information about the Cisco PON Controller solution, see the Cisco Routed Passive Optical Network Deployment Guide. [\"https://www.cisco.com/c/en/us/td/docs/iosxr/pon/guides/b-cisco-pon-solution.html\"]\r\n\r\nDetermine Whether PON Controller Software is Enabled\r\n\r\nTo determine whether Cisco IOS XR Software has the PON Controller enabled, use the show running-config pon-ctlr command on the CLI of an affected device. The device is affected by these vulnerabilities if the command returns output indicating that the PON Controller is configured on a device, as shown in the following example:\r\n\r\n\r\nRP/0/RP0/CPU0:Router#show running-config pon-ctrl\r\nWed Sep 11 03:00:53.842 UTC\r\npon-ctlr\r\n cfg-file harddisk:/PonCntlInit.json vrf default\r\nRP/0/RP0/CPU0:Router#\r\n.\r\n.\r\n.\r\n\r\nIf the output is empty or the command does not exist, the device is not affected by these vulnerabilities.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.\r\n\r\nCisco has confirmed that these vulnerabilities do not affect the following Cisco products:\r\n\r\nIOS Software\r\nIOS XE Software\r\nNX-OS Software",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.\r\n\r\nDetails about the vulnerabilities are as follows:\r\n\r\nCVE-2024-20483: Cisco Routed PON Controller Command Injection Vulnerabilities\r\n\r\nMultiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root.\r\n\r\nThese vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller.\r\n\r\nCisco plans to release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\nBug ID(s): CSCwi81012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81012\"], CSCwi81013 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81013\"]\r\nCVE ID: CVE-2024-20483\r\nSecurity Impact Rating (SIR): High\r\nCVSS Base Score: 7.2\r\nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\r\n\r\nCVE-2024-20489: Cisco Routed PON Controller Cleartext Password Vulnerability\r\n\r\nA vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\r\n\r\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.\r\n\r\nCisco plans to release software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nBug ID(s): CSCwi81017 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81017\"]\r\nCVE ID: CVE-2024-20489\r\nSecurity Impact Rating (SIR): High\r\nCVSS Base Score: 8.4\r\nCVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
        "title": "Details"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address these vulnerabilities. However, administrators may choose to restrict MongoDB access to IP addresses of the PON Manager and each Cisco IOS XR Software PON Controller. For help with implementing these restrictions, refer to the MongoDB documentation.\r\n\r\nWhile this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco plans to release software updates that address vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.\r\n\r\nCustomers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nThe Cisco Support and Downloads page [\"https://www.cisco.com/c/en/us/support/index.html\"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n      Fixed Releases\r\nIn the following table, the left column lists Cisco software releases or trains. The right column indicates whether a release (train) is affected by the vulnerability that is described in this advisory and the first release that includes the fix for this vulnerability.\r\n        Cisco Routed PON Controller Software in Cisco IOS XR1  First Fixed Release          7.11 and earlier  Not vulnerable.      24.1 and later  Migrate to a fixed release.      24.2 and later  Migrate to a fixed release.      24.3 and later  Migrate to a fixed release.      24.4.1 (Nov 2024)  Not vulnerable.\r\n1. Cisco Routed PON Controller Software is bundled with Cisco IOS XR Software as an optional RPM Package Manager.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.\r\n\r\nAfter upgrading to fixed software, a configuration change is required in the PonCntlInit.json file to use a keyring to store the MongoDB password.\r\n\r\nInstructions for PonCntlInit.json Configuration Change\r\n\r\nAfter upgrading to fixed software, replace the MongoDB password field in the PonCntlInit.json file with the password_opts field, as shown in the following example.\r\n\r\nBefore the configuration change, the MongoDB password field will appear as shown in the following example:\r\n\r\n\r\n\"MongoDB\": {\r\n        \"auth_db\": \"tibit_users\",\r\n.\r\n.\r\n.\r\n.\r\n      \"password\": \"MongoDBPassword\",\r\n.\r\n.\r\n}\r\n\r\nAfter upgrading to fixed software, replace the MongoDB password field with the password_opts field, as shown in the following example:\r\n\r\n\r\n\r\n\"MongoDB\": {\r\n.\r\n.\r\n.\r\n\"password_opts\": {\r\n\"type\": \"keyring\",\r\n\"keyring_path\": \"/etc/cisco/poncntl/keyring.data\",\r\n\"keyring_key_path\": \"/etc/cisco/poncntl/keyring.key\"\r\n},\r\n.\r\n.\r\n}\r\n\r\nOnce the PonCntlInit.json file has been edited, update the Cisco IOS XR Software configuration to include the database password. Once the configuration is saved, the password will be shown in encrypted format when the show running-config command is performed, as shown in the following example:\r\n\r\n\r\nRouter#conf t\r\nWed Sep 11 16:00:00.000 UTC\r\nRouter(config)#pon-ctlr\r\nRouter(config-ponctlr)#cfg-file /harddisk:/PonCntlInit.json db-password \u003cMongoDB Password\u003e\r\nRouter(config-ponctlr)#end\r\nRP/0/RP0/CPU0:Sep 11 16:00:00.000 UTC: config[67636]: %MGBL-SYS-5-CONFIG_I : Configured from console by admin\r\nRouter#show running-config pon-ctlr\r\nWed Sep 11 16:00:00.000 UTC\r\npon-ctlr\r\n cfg-file /harddisk:/PonCntlInit.json db-password 0525253C1E6E6925\r\n!\r\nRouter#",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "These vulnerabilities were found during internal security testing by James Spadaro of the Cisco Advanced Security Initiatives Group (ASIG).",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Routed Passive Optical Network Controller Vulnerabilities",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
      },
      {
        "category": "external",
        "summary": "Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication",
        "url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "Cisco Routed Passive Optical Network Deployment Guide.",
        "url": "https://www.cisco.com/c/en/us/td/docs/iosxr/pon/guides/b-cisco-pon-solution.html"
      },
      {
        "category": "external",
        "summary": "CSCwi81012",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81012"
      },
      {
        "category": "external",
        "summary": "CSCwi81013",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81013"
      },
      {
        "category": "external",
        "summary": "CSCwi81017",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi81017"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
        "url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
      },
      {
        "category": "external",
        "summary": "Cisco Support and Downloads page",
        "url": "https://www.cisco.com/c/en/us/support/index.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco Routed Passive Optical Network Controller Vulnerabilities",
    "tracking": {
      "current_release_date": "2024-09-11T16:00:00+00:00",
      "generator": {
        "date": "2024-09-11T15:47:07+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
      "initial_release_date": "2024-09-11T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2024-09-11T15:46:32+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco IOS XR Software",
            "product": {
              "name": "Cisco IOS XR Software ",
              "product_id": "CSAFPID-5834"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-20483",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwi81012"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwi81013"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-5834"
        ]
      },
      "release_date": "2024-09-11T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-5834"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-5834"
          ]
        }
      ],
      "title": "Cisco IOS XR PON Controller Command Injection Vulnerabilities"
    },
    {
      "cve": "CVE-2024-20489",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwi81017"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-5834"
        ]
      },
      "release_date": "2024-09-11T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-5834"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-5834"
          ]
        }
      ],
      "title": "Cisco Routed Passive Optical Network Cleartext Password Vulnerability"
    }
  ]
}

GSD-2024-20489

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-20489

Aliases

CVE-2024-20489

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2024-20489",
    "id": "GSD-2024-20489"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-20489"
      ],
      "id": "GSD-2024-20489",
      "modified": "2023-12-13T01:21:42.808197Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-20489",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

FKIE_CVE-2024-20489

Vulnerability from fkie_nvd - Published: 2024-09-11 17:15 - Updated: 2024-10-03 01:40

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xr	24.1.1
cisco	ios_xr	24.1.2
cisco	ios_xr	24.2.1
cisco	ios_xr	24.2.11
cisco	ios_xr	24.3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE8E968-111F-4F57-93D3-E509AB540B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B342A550-8600-45CF-8B9A-530770C9A0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "11288A28-F0CF-4FEC-A0B7-3D93866F01FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FD120B9-0671-473C-8420-872E5BB9933F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\r\n\r\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el m\u00e9todo de almacenamiento del archivo de configuraci\u00f3n del controlador PON podr\u00eda permitir que un atacante local autenticado con privilegios bajos obtenga las credenciales de MongoDB. Esta vulnerabilidad se debe al almacenamiento inadecuado de las credenciales de la base de datos sin cifrar en el dispositivo que ejecuta el software Cisco IOS XR. Un atacante podr\u00eda aprovechar esta vulnerabilidad accediendo a los archivos de configuraci\u00f3n en un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ver las credenciales de MongoDB."
    }
  ],
  "id": "CVE-2024-20489",
  "lastModified": "2024-10-03T01:40:11.637",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 5.8,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-11T17:15:13.393",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-256"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2024-AVI-0772

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Cisco	Crosswork NSO	Crosswork NSO versions 6.1.x antérieures à 6.1.9
Cisco	Routed Passive Optical Network Controller	Routed Passive Optical Network Controller versions antérieures à 24.4.1
Cisco	IOS XR	IOS XR versions postérieures à 24.1.x et antérieures à 24.2.2
Cisco	Crosswork NSO	Crosswork NSO versions 6.2.x antérieures à 6.2.3
Cisco	IOS XR	IOS XR versions 24.4.x antérieures à 24.4.1
Cisco	Crosswork NSO	Crosswork NSO versions 5.8.x antérieures à 5.8.13.1
Cisco	ConfD	ConfD versions 7.7.x antérieures à 7.7.16
Cisco	Crosswork NSO	Crosswork NSO versions 5.5.x antérieures à 5.5.10.1
Cisco	ConfD	ConfD versions 7.5.x antérieures à 7.5.10.2
Cisco	Crosswork NSO	Crosswork NSO versions 6.0.x antérieures à 6.0.13
Cisco	Crosswork NSO	Crosswork NSO versions 5.7.x antérieures à 5.7.16
Cisco	IOS XR	IOS XR versions postérieures à 7.10.x antérieures à 7.11.21
Cisco	Crosswork NSO	Crosswork NSO versions 5.6.x antérieures à 5.6.14.3
Cisco	ConfD	ConfD versions 8.0.x antérieures à 8.0.13
Cisco	Optical Site Manager	Optical Site Manager versions antérieures à 24.3.1

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-nso-auth-bypass-QnTEesp	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxr-ponctlr-ci-OHcHmsFL	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-isis-xehpbVNe	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-l2services-2mvHdNuC	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxr-priv-esc-CrG5vhCq	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-pak-mem-exhst-3ke9FeFy	2024-09-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Crosswork NSO versions 6.1.x ant\u00e9rieures \u00e0 6.1.9",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Routed Passive Optical Network Controller versions ant\u00e9rieures \u00e0 24.4.1",
      "product": {
        "name": "Routed Passive Optical Network Controller",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions post\u00e9rieures \u00e0 24.1.x et ant\u00e9rieures \u00e0 24.2.2 ",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions 24.4.x ant\u00e9rieures \u00e0 24.4.1",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.8.x ant\u00e9rieures \u00e0 5.8.13.1",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 7.7.x ant\u00e9rieures \u00e0 7.7.16",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.5.x ant\u00e9rieures \u00e0 5.5.10.1",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 7.5.x ant\u00e9rieures \u00e0 7.5.10.2",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 6.0.x ant\u00e9rieures \u00e0 6.0.13",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.7.x ant\u00e9rieures \u00e0 5.7.16",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions post\u00e9rieures \u00e0 7.10.x ant\u00e9rieures \u00e0 7.11.21",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.6.x ant\u00e9rieures \u00e0 5.6.14.3",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 8.0.x ant\u00e9rieures \u00e0 8.0.13",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Optical Site Manager versions ant\u00e9rieures \u00e0 24.3.1",
      "product": {
        "name": "Optical Site Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20406"
    },
    {
      "name": "CVE-2024-20483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20483"
    },
    {
      "name": "CVE-2024-20317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20317"
    },
    {
      "name": "CVE-2024-20489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20489"
    },
    {
      "name": "CVE-2024-20398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20398"
    },
    {
      "name": "CVE-2024-20381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20381"
    },
    {
      "name": "CVE-2024-20304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20304"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0772",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nso-auth-bypass-QnTEesp",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-isis-xehpbVNe",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-l2services-2mvHdNuC",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-priv-esc-CrG5vhCq",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-pak-mem-exhst-3ke9FeFy",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy"
    }
  ]
}

CERTFR-2024-AVI-0772

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Cisco	Crosswork NSO	Crosswork NSO versions 6.1.x antérieures à 6.1.9
Cisco	Routed Passive Optical Network Controller	Routed Passive Optical Network Controller versions antérieures à 24.4.1
Cisco	IOS XR	IOS XR versions postérieures à 24.1.x et antérieures à 24.2.2
Cisco	Crosswork NSO	Crosswork NSO versions 6.2.x antérieures à 6.2.3
Cisco	IOS XR	IOS XR versions 24.4.x antérieures à 24.4.1
Cisco	Crosswork NSO	Crosswork NSO versions 5.8.x antérieures à 5.8.13.1
Cisco	ConfD	ConfD versions 7.7.x antérieures à 7.7.16
Cisco	Crosswork NSO	Crosswork NSO versions 5.5.x antérieures à 5.5.10.1
Cisco	ConfD	ConfD versions 7.5.x antérieures à 7.5.10.2
Cisco	Crosswork NSO	Crosswork NSO versions 6.0.x antérieures à 6.0.13
Cisco	Crosswork NSO	Crosswork NSO versions 5.7.x antérieures à 5.7.16
Cisco	IOS XR	IOS XR versions postérieures à 7.10.x antérieures à 7.11.21
Cisco	Crosswork NSO	Crosswork NSO versions 5.6.x antérieures à 5.6.14.3
Cisco	ConfD	ConfD versions 8.0.x antérieures à 8.0.13
Cisco	Optical Site Manager	Optical Site Manager versions antérieures à 24.3.1

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-nso-auth-bypass-QnTEesp	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxr-ponctlr-ci-OHcHmsFL	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-isis-xehpbVNe	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-l2services-2mvHdNuC	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxr-priv-esc-CrG5vhCq	2024-09-11	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-pak-mem-exhst-3ke9FeFy	2024-09-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Crosswork NSO versions 6.1.x ant\u00e9rieures \u00e0 6.1.9",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Routed Passive Optical Network Controller versions ant\u00e9rieures \u00e0 24.4.1",
      "product": {
        "name": "Routed Passive Optical Network Controller",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions post\u00e9rieures \u00e0 24.1.x et ant\u00e9rieures \u00e0 24.2.2 ",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions 24.4.x ant\u00e9rieures \u00e0 24.4.1",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.8.x ant\u00e9rieures \u00e0 5.8.13.1",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 7.7.x ant\u00e9rieures \u00e0 7.7.16",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.5.x ant\u00e9rieures \u00e0 5.5.10.1",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 7.5.x ant\u00e9rieures \u00e0 7.5.10.2",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 6.0.x ant\u00e9rieures \u00e0 6.0.13",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.7.x ant\u00e9rieures \u00e0 5.7.16",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions post\u00e9rieures \u00e0 7.10.x ant\u00e9rieures \u00e0 7.11.21",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.6.x ant\u00e9rieures \u00e0 5.6.14.3",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 8.0.x ant\u00e9rieures \u00e0 8.0.13",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Optical Site Manager versions ant\u00e9rieures \u00e0 24.3.1",
      "product": {
        "name": "Optical Site Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20406"
    },
    {
      "name": "CVE-2024-20483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20483"
    },
    {
      "name": "CVE-2024-20317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20317"
    },
    {
      "name": "CVE-2024-20489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20489"
    },
    {
      "name": "CVE-2024-20398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20398"
    },
    {
      "name": "CVE-2024-20381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20381"
    },
    {
      "name": "CVE-2024-20304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20304"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0772",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nso-auth-bypass-QnTEesp",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-isis-xehpbVNe",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-l2services-2mvHdNuC",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-priv-esc-CrG5vhCq",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-pak-mem-exhst-3ke9FeFy",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy"
    }
  ]
}

GHSA-3WFW-CF7H-38C7

Vulnerability from github – Published: 2024-09-11 18:31 – Updated: 2024-09-11 18:31

Details

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.

This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.

Severity ?

8.4 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-20489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-11T17:15:13Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\n\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.",
  "id": "GHSA-3wfw-cf7h-38c7",
  "modified": "2024-09-11T18:31:08Z",
  "published": "2024-09-11T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20489"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-20489 (GCVE-0-2024-20489)

CISCO-SA-IOSXR-PONCTLR-CI-OHCHMSFL

GSD-2024-20489

FKIE_CVE-2024-20489

CERTFR-2024-AVI-0772

Solutions

CERTFR-2024-AVI-0772

Solutions

GHSA-3WFW-CF7H-38C7

Tags

Sightings

Nomenclature