CVE-2023-20040

Name of the Vulnerable Software and Affected Versions Cisco Network Services Orchestrator (NSO) (affected versions not specified)

Description A vulnerability in the NETCONF service could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system running as the root user. The attacker must be a member of the admin group to exploit this vulnerability. This issue exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this by uploading a specially crafted package file, allowing them to write crafted files to arbitrary locations on the filesystem or delete arbitrary files, resulting in a DoS condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.