PT-2023-2224 · Cisco · Cisco Ios Xe

Benoit Malaboeuf

Publicado

2023-03-22

Atualizado

2024-01-25

CVE-2023-20065

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the Cisco IOx application hosting subsystem could allow an authenticated, local attacker to elevate privileges to root on an affected device. This issue is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container, potentially allowing the execution of arbitrary commands on the underlying operating system with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2023-01976

CVE-2023-20065

Produtos afetados

Cisco Ios Xe

PT-2023-2224 · Cisco · Cisco Ios Xe

CVE-2023-20065

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7