Cisco ConfD CLI Command Injection Vulnerability (CVSS 8.8)

Key Information 1. Vulnerability Description: - Name: ConfD CLI Command Injection Vulnerability - Impact: CLI command injection vulnerability - Severity: High - CVSS Score: 8.8 2. Affected Products: - Product: ConfD - Affected Versions: 6.3 and earlier versions 3. Vulnerability Details: - Cause: Insufficient validation of CLI command parameters - Attack Method: Attackers can inject commands and execute arbitrary commands - Impact: Can execute commands with root privileges 4. Remediation: - Fix Released: Fixes for versions 6.3 and earlier have been released - Mechanism: Vulnerability is resolved by updating to a newer software version 5. Affected Versions: - Confirmed Affected Versions: 6.3 and earlier - Confirmed Unaffected Versions: 6.4 and later 6. Security Recommendations: - Regular Checks: Regularly check for security updates for affected products - Apply Patches: Install the released security patches 7. Source: - Discovery Method: Internal security testing 8. Related Links: - Security Advisory: Security Advisory Link Summary This vulnerability is a high-severity command injection flaw affecting the handling of ConfD CLI commands. Attackers can inject commands to execute arbitrary code with root privileges on affected devices. A fix has been released for versions 6.3 and earlier. Affected users are advised to upgrade to version 6.4 or later to resolve this vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco ConfD CLI Command Injection Vulnerability (CVSS 8.8)