CVE-2023-20040 : A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (N

A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.

Published 2023-01-20 07:15:16

Updated 2024-01-25 17:15:27

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Directory traversalDenial of service

Products affected by CVE-2023-20040

Cisco » Network Services Orchestrator
Versions from including (>=) 5.7 and before (<) 5.7.4
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
Matching versions
Cisco » Network Services Orchestrator
Versions from including (>=) 3.3 and before (<) 5.4.7
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
Matching versions
Cisco » Network Services Orchestrator
Versions from including (>=) 5.6 and before (<) 5.6.7
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
Matching versions
Cisco » Network Services Orchestrator
Versions from including (>=) 5.5 and before (<) 5.5.6
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
Matching versions
Cisco » Network Services Orchestrator » Version: 5.8
cpe:2.3:a:cisco:network_services_orchestrator:5.8:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-20040

EPSS FAQ

1.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-20040

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H	1.2	4.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High
5.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H	1.2	4.2	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High

CWE ids for CVE-2023-20040

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Assigned by: ykramarz@cisco.com (Secondary)
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-20040

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg

Cisco Network Services Orchestrator Path Traversal Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-20040

Products affected by CVE-2023-20040

Exploit prediction scoring system (EPSS) score for CVE-2023-20040

CVSS scores for CVE-2023-20040

CWE ids for CVE-2023-20040

References for CVE-2023-20040