A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
22 Feb 2023, 14:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
References | (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Cisco ir510 Wpan
Cisco Cisco 807 Industrial Integrated Services Router Cisco 809 Industrial Integrated Services Router Cisco iox Cisco 829 Industrial Integrated Services Router Firmware Cisco ic3000 Industrial Compute Gateway Cisco cgr1240 Firmware Cisco ios Xe Cisco 829 Industrial Integrated Services Router Cisco cgr1000 Firmware Cisco 807 Industrial Integrated Services Router Firmware Cisco ir510 Wpan Firmware Cisco cgr1000 Cisco 809 Industrial Integrated Services Router Firmware Cisco cgr1240 |
|
CPE | cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:* cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:iox:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:* cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:* cpe:2.3:o:cisco:cgr1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:* cpe:2.3:h:cisco:cgr1000:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:* cpe:2.3:o:cisco:cgr1240_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xe:17.10.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:* cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:* cpe:2.3:h:cisco:cgr1240:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:* cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ir510_wpan_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:* cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:* |
12 Feb 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-12 04:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-20076
Mitre link : CVE-2023-20076
CVE.ORG link : CVE-2023-20076
JSON object : View
Products Affected
cisco
- iox
- cgr1240_firmware
- cgr1240
- ir510_wpan
- 807_industrial_integrated_services_router_firmware
- cgr1000_firmware
- 809_industrial_integrated_services_router_firmware
- ir510_wpan_firmware
- 809_industrial_integrated_services_router
- 829_industrial_integrated_services_router_firmware
- cgr1000
- ios_xe
- 807_industrial_integrated_services_router
- 829_industrial_integrated_services_router
- ic3000_industrial_compute_gateway