← Back

CVE-2023-20076

nvd nist
Published: Feb 12, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

Affected (41)

Cisco
9 products
Ic3000 Industrial Compute Gateway
Ios Xe
Iox
Cgr1240 Firmware
Cgr1000 Firmware
Ir510 Wpan Firmware
829 Industrial Integrated Services Router Firmware
807 Industrial Integrated Services Router Firmware
809 Industrial Integrated Services Router Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ic3000 Industrial Compute Gateway
Before 1.4.2
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
Before 17.6.5
Ios Xe
From 17.9.0 to 17.9.2
Ios Xe
Version 17.10.0
Iox
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cgr1240 Firmware
Before 1.16.0.1
Running on/withPlatform Versions
Cisco
Cgr1240
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cgr1000 Firmware
Before 1.16.0.1
Running on/withPlatform Versions
Cisco
Cgr1000
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ir510 Wpan Firmware
Before 1.10.0.1
Running on/withPlatform Versions
Cisco
Ir510 Wpan
All versions
Configuration F
11 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
829 Industrial Integrated Services Router Firmware
Before 15.9\(3\)
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m1
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m2
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m2a
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m3
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m4
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m4a
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m5
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m6a
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m6b
829 Industrial Integrated Services Router Firmware
Version 15.9(3)m
Running on/withPlatform Versions
Cisco
829 Industrial Integrated Services Router
All versions
Configuration G
11 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
807 Industrial Integrated Services Router Firmware
Before 15.9\(3\)
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m1
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m2
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m2a
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m3
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m4
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m4a
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m5
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m6a
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m6b
807 Industrial Integrated Services Router Firmware
Version 15.9(3)m
Running on/withPlatform Versions
Cisco
807 Industrial Integrated Services Router
All versions
Configuration H
11 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
809 Industrial Integrated Services Router Firmware
Before 15.9\(3\)
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m1
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m2
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m2a
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m3
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m4
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m4a
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m5
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m6a
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m6b
809 Industrial Integrated Services Router Firmware
Version 15.9(3)m
Running on/withPlatform Versions
Cisco
809 Industrial Integrated Services Router
All versions

Related CWEs

CWE-233
Improper Handling of Parameters
The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.