PT-2023-1281 · Cisco · Cisco Iox+2

Kasimir Schulz

Publicado

2023-02-01

Atualizado

2023-04-05

CVE-2023-20076

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOx (affected versions not specified)

Description A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This issue is due to incomplete sanitization of parameters passed for application activation. An attacker could exploit this by deploying and activating an application with a crafted activation payload file, potentially allowing the execution of arbitrary commands as root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-233CWE-77

Identificadores relacionados

BDU:2023-00549

CVE-2023-20076

Produtos afetados

Cisco Iox

Cisco Ios

Cisco Ios Xe

PT-2023-1281 · Cisco · Cisco Iox+2

CVE-2023-20076

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5