Boletines de Vulnerabilidades

Cisco Network Services Orchestrator Path Traversal Vulnerability


Información sobre el sistema

   
Software afectado Cisco

Descripción

A vulnerability in the RESTCONF and NETCONF services of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when either RESTCONF or NETCONF is used to upload packages to an affected device. An attacker could

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Network%20Services%20Orchestrator%20Path%20Traversal%20Vulnerability&vs_k=1

Identificadores estándar

Propiedad Valor
CVE CVE-2023-20040.

Histórico de versiones

Versión Comentario Fecha
1.0 Advisory issued 2023-02-04

Miembros de

Ministerio de Defensa
CNI
CCN
CCN-CERT