{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20040", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.316Z", "datePublished": "2023-01-19T01:37:34.592Z", "dateUpdated": "2024-08-02T08:57:35.576Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:36.087Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.\r\n\r This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. \r\n\r Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."}], "affected": [{"vendor": "Cisco", "product": "Cisco Network Services Orchestrator", "versions": [{"version": "4.7.3", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Relative Path Traversal", "type": "cwe", "cweId": "CWE-23"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg", "name": "cisco-sa-nso-path-trvsl-zjBeMkZg"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-nso-path-trvsl-zjBeMkZg", "discovery": "INTERNAL", "defects": ["CSCwb11065"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.576Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg", "name": "cisco-sa-nso-path-trvsl-zjBeMkZg", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4BE422F-6650-403F-A560-EBA884C15FAF", "versionEndExcluding": "5.4.7", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB986CDE-4BCD-4A2D-99DB-BE900BA7F58C", "versionEndExcluding": "5.5.6", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5ABFC42-5078-4C13-A912-A83C96E72D05", "versionEndExcluding": "5.6.7", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "93EC0F10-628A-42D7-BC3D-4110FB6F9D53", "versionEndExcluding": "5.7.4", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAF61782-327C-4318-A4D1-DCB18CD835B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.\r\n\r This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. \r\n\r Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."}, {"lang": "es", "value": "Una vulnerabilidad en el servicio NETCONF de Cisco Network Services Orchestrator (NSO) podr\u00eda permitir que un atacante remoto autenticado provoque una denegaci\u00f3n de servicio (DoS) en un sistema afectado que se ejecuta como usuario ra\u00edz. Para aprovechar esta vulnerabilidad, el atacante debe ser miembro del grupo de administraci\u00f3n. Esta vulnerabilidad existe porque la entrada proporcionada por el usuario no se valida correctamente cuando se utiliza NETCONF para cargar paquetes en un dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad cargando un archivo de paquete especialmente manipulado. Un exploit exitoso podr\u00eda permitir al atacante escribir archivos manipulados en ubicaciones arbitrarias del sistema de archivos o eliminar archivos arbitrarios del sistema de archivos de un dispositivo afectado, lo que resultar\u00eda en una condici\u00f3n DoS. Nota: De forma predeterminada, durante la instalaci\u00f3n, Cisco NSO se configurar\u00e1 para ejecutarse como usuario ra\u00edz a menos que se utilice la opci\u00f3n --run-as-user."}], "id": "CVE-2023-20040", "lastModified": "2024-11-21T07:40:24.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-20T07:15:15.793", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}