A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52317.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2017-03-22T19:00:00
Updated: 2024-08-05T14:39:41.300Z
Reserved: 2016-12-21T00:00:00
Link: CVE-2017-3852
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-03-22T19:59:00.197
Modified: 2017-07-12T01:29:15.817
Link: CVE-2017-3852
Redhat
No data.