A vulnerability has been discovered in NETCONF Access Management (NACM) in which access privileges are not being properly enforced.
On affected products, both privileged and unprivileged users have access to the RESTCONF interface. After passing authentication, the enforcement of access privileges is managed by NACM. Due to an implementation error, access privilege enforcement in NACM is not working properly.
The YANG object model accessible via the RESTCONF interface offers some privileged operations that allow the execution of arbitrary commands that run as root on the Linux shell. Because of this vulnerability, an authenticated unprivileged user can run these privileged operations and thus execute arbitrary commands as root.