Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability

A vulnerability in Cisco Crosswork NSO's Tail-f HCC function pack allows authenticated local attackers to escalate privileges to root by exploiting a user-controlled search path for executable files. This enables attackers to execute arbitrary code. Successful exploitation requires valid credentials on the affected device. Cisco has released software updates to address the vulnerability, and there are no available workarounds. The security impact rating is high, and the vulnerability is tracked as CVE-2024-20366.