OpenCVE

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Cisco	807 Industrial Integrated Services Router 807 Industrial Integrated Services Router Firmware 809 Industrial Integrated Services Router 809 Industrial Integrated Services Router Firmware 829 Industrial Integrated Services Router 829 Industrial Integrated Services Router Firmware Cgr1000 Cgr1000 Firmware Cgr1240 Cgr1240 Firmware Ic3000 Industrial Compute Gateway Ios Xe Iox Ir510 Wpan Ir510 Wpan Firmware

Configuration 1 [-]

cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:cisco:iox:-:::::::*
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe:17.10.0:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:cgr1240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:cgr1240:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:cgr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:cgr1000:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:ir510_wpan_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware::::::::
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m1:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2a:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m3:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4a:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m5:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6a:::::::*
	cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6b:::::::*

cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware::::::::
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m1:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2a:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m3:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4a:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m5:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6a:::::::*
	cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6b:::::::*

cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware::::::::
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m1:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2a:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m3:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4a:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m5:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6a:::::::*
	cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6b:::::::*

cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL

History

Mon, 28 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-02-12T00:00:00

Updated: 2024-10-28T16:34:17.566Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20076

Vulnrichment

Updated: 2024-08-02T08:57:35.567Z

NVD

Status : Modified

Published: 2023-02-12T04:15:19.287

Modified: 2023-11-07T04:05:57.277

Link: CVE-2023-20076

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object