CVE-2023-20076
Cisco IOx Application Hosting Environment Command Injection Vulnerability
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.
| CWE | CWE-233 |
| Vendor | cisco |
| Product | cisco ios |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Feb 12, 2023 |
| Last Updated | Oct 28, 2024 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco ios
Be the first to know when new high vulnerabilities affecting cisco cisco ios are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Cisco / Cisco IOS
n/a