Sign-up

ID

VAR-202302-0213


CVE

CVE-2023-20076


TITLE

Cisco Iox Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202302-157

DESCRIPTION

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system. Cisco Iox is a secure development environment of Cisco (Cisco), which combines Cisco IOS and Linux OS for secure network connection and development of IOT applications. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL

Trust: 1.53

sources: NVD: CVE-2023-20076 // CNNVD: CNNVD-202302-157 // VULMON: CVE-2023-20076

AFFECTED PRODUCTS

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m5

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m6b

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m4a

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:ltversion:15.9\(3\)

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:ltversion:15.9\(3\)

Trust: 1.0

vendor:ciscomodel:ic3000 industrial compute gatewayscope:ltversion:1.4.2

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m6b

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:17.6.5

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m2a

Trust: 1.0

vendor:ciscomodel:cgr1240scope:ltversion:1.16.0.1

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m1

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m2

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m6a

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m3

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:ltversion:15.9\(3\)

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.10.0

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m4

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m2a

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m6b

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m1

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m5

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m2

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:17.9.2

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m4a

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m6a

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m3

Trust: 1.0

vendor:ciscomodel:ir510 wpanscope:ltversion:1.10.0.1

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m4

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m2a

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m

Trust: 1.0

vendor:ciscomodel:cgr1000scope:ltversion:1.16.0.1

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m5

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m1

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m2

Trust: 1.0

vendor:ciscomodel:ios xescope:gteversion:17.9.0

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m4a

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m6a

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m3

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m4

Trust: 1.0

vendor:ciscomodel:ioxscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2023-20076

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-20076
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202302-157
value: HIGH

Trust: 0.6

NVD: CVE-2023-20076
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202302-157 // NVD: CVE-2023-20076

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2023-20076

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-157

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-157

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-20076

PATCH
title:Cisco Iox Fixes for operating system command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226416
Trust: 0.6
title:Cisco: Cisco IOx Application Hosting Environment Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iox-8whgn5dl
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20076 // 
            
            
            
            CNNVD: CNNVD-202302-157

EXTERNAL IDS
db:NVDid:CVE-2023-20076
Trust: 1.7
db:AUSCERTid:ESB-2023.0608
Trust: 0.6
db:CNNVDid:CNNVD-202302-157
Trust: 0.6
db:VULMONid:CVE-2023-20076
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20076 // 
            
            
            
            CNNVD: CNNVD-202302-157 // 
            
            
            
            NVD: CVE-2023-20076

REFERENCES
url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iox-8whgn5dl
Trust: 1.7
url:https://cxsecurity.com/cveshow/cve-2023-20076/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2023.0608
Trust: 0.6
sources:
            
            
            VULMON: CVE-2023-20076 // 
            
            
            
            CNNVD: CNNVD-202302-157 // 
            
            
            
            NVD: CVE-2023-20076

SOURCES
db:VULMONid:CVE-2023-20076
db:CNNVDid:CNNVD-202302-157
db:NVDid:CVE-2023-20076

LAST UPDATE DATE
2023-02-23T22:50:41.990000+00:00

SOURCES UPDATE DATE
db:CNNVDid:CNNVD-202302-157date:2023-02-23T00:00:00
db:NVDid:CVE-2023-20076date:2023-02-22T14:58:00

SOURCES RELEASE DATE
db:CNNVDid:CNNVD-202302-157date:2023-02-02T00:00:00
db:NVDid:CVE-2023-20076date:2023-02-12T04:15:00