CVE-2023-20076 - OpenCVE

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	807 Industrial Integrated Services Router 807 Industrial Integrated Services Router Firmware 809 Industrial Integrated Services Router 809 Industrial Integrated Services Router Firmware 829 Industrial Integrated Services Router 829 Industrial Integrated Services Router Firmware Cgr1000 Cgr1000 Firmware Cgr1240 Cgr1240 Firmware Ic3000 Industrial Compute Gateway Ios Xe Iox Ir510 Wpan Ir510 Wpan Firmware

Configuration 1 [-]

cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:cisco:iox:-:::::::*
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe:17.10.0:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:cgr1240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:cgr1240:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:cgr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:cgr1000:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:ir510_wpan_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware::::::::
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m1:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2a:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m3:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4a:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m5:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6a:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6b:::::::*

cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware::::::::
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m1:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2a:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m3:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4a:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m5:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6a:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6b:::::::*

cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware::::::::
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m1:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2a:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m3:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4a:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m5:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6a:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6b:::::::*

cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-02-12T00:00:00

Updated: 2024-08-02T08:57:35.567Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20076

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-12T04:15:19.287

Modified: 2023-11-07T04:05:57.277

Link: CVE-2023-20076

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object