PT-2023-1281 · Cisco · Cisco Iox+2

Kasimir Schulz

Published

2023-02-01

Updated

2023-04-05

CVE-2023-20076

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOx (affected versions not specified)

Description A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This issue is due to incomplete sanitization of parameters passed for application activation. An attacker could exploit this by deploying and activating an application with a crafted activation payload file, potentially allowing the execution of arbitrary commands as root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-233CWE-77

Related Identifiers

BDU:2023-00549

CVE-2023-20076

Affected Products

Cisco Iox

Cisco Ios

Cisco Ios Xe

PT-2023-1281 · Cisco · Cisco Iox+2

CVE-2023-20076

Weakness Enumeration

Related Identifiers

Affected Products

References · 5