Vulnerability Bulletins

Cisco Network Services Orchestrator Path Traversal Vulnerability


System information

   
Affected software Cisco

Description

A vulnerability in the RESTCONF and NETCONF services of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when either RESTCONF or NETCONF is used to upload packages to an affected device. An attacker could

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Network%20Services%20Orchestrator%20Path%20Traversal%20Vulnerability&vs_k=1

Standar resources

Property Value
CVE CVE-2023-20040.

Version history

Version Comments Date
1.0 Advisory issued 2023-02-04
Ministerio de Defensa
CNI
CCN
CCN-CERT