How severe is CVE-2023-20040?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-20040?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2023-20040 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.

Related Vulnerabilities

CVE-2020-1904

MEDIUM

CVSS:5.5(Medium)

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafte...

CWE-232020

CVE-2022-34378

MEDIUM

CVSS:5.5(Medium)

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially e...

CWE-232022

CVE-2023-23391

MEDIUM

CVSS:5.5(Medium)

Office for Android Spoofing Vulnerability

CWE-232023

CVE-2024-32115

MEDIUM

CVSS:5.5(Medium)

A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via c...

CWE-232024

CVE-2024-43614

MEDIUM

CVSS:5.5(Medium)

Microsoft Defender for Endpoint for Linux Spoofing Vulnerability

CWE-232024

CVE-2020-3597

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. ...

CWE-232020