A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.
Published 2023-01-20 07:15:16
Updated 2024-01-25 17:15:27
View at NVD,   CVE.org
Vulnerability category: Directory traversalDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2023-20040

Probability of exploitation activity in the next 30 days: 0.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 39 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2023-20040

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
5.5
MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
1.2
4.2
NIST
5.5
MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
1.2
4.2
Cisco Systems, Inc.

CWE ids for CVE-2023-20040

  • The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
    Assigned by: ykramarz@cisco.com (Secondary)
  • The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-20040

Products affected by CVE-2023-20040

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!