← Voltar para CVEs
CVE-2023-20076
HIGH7.2
Descricao
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.
Detalhes CVE
Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado2/12/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
cisco:807_industrial_integrated_services_routercisco:807_industrial_integrated_services_router_firmwarecisco:809_industrial_integrated_services_routercisco:809_industrial_integrated_services_router_firmwarecisco:829_industrial_integrated_services_routercisco:829_industrial_integrated_services_router_firmwarecisco:cgr1000cisco:cgr1000_firmwarecisco:cgr1240cisco:cgr1240_firmwarecisco:ic3000_industrial_compute_gatewaycisco:ios_xecisco:ioxcisco:ir510_wpancisco:ir510_wpan_firmware
Fraquezas (CWE)
CWE-233CWE-78
Referencias
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL(psirt@cisco.com)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.