Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-20076

Опубликовано: 12 фев. 2023
Источник: nvd
CVSS3: 7.2
CVSS3: 8.8
EPSS Низкий

Описание

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*
Версия до 1.4.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:cisco:iox:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
Версия до 17.6.5 (исключая)
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
Версия от 17.9.0 (включая) до 17.9.2 (исключая)
cpe:2.3:o:cisco:ios_xe:17.10.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:cisco:cgr1240_firmware:*:*:*:*:*:*:*:*
Версия до 1.16.0.1 (исключая)
cpe:2.3:h:cisco:cgr1240:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:cisco:cgr1000_firmware:*:*:*:*:*:*:*:*
Версия до 1.16.0.1 (исключая)
cpe:2.3:h:cisco:cgr1000:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:cisco:ir510_wpan_firmware:*:*:*:*:*:*:*:*
Версия до 1.10.0.1 (исключая)
cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

Одно из

cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*
Версия до 15.9\(3\) (исключая)
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:*
cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

Одно из

cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*
Версия до 15.9\(3\) (исключая)
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:*
cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

Одно из

cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*
Версия до 15.9\(3\) (исключая)
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:*
cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%
0.00365
Низкий

7.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-233
CWE-78

Связанные уязвимости

github логотип

GHSA-q7pv-4cxx-gq42

CVSS3: 8.8
github
почти 3 года назад

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

fstec логотип

BDU:2023-00549

CVSS3: 7.2
fstec
около 3 лет назад

Уязвимость программной платформы Cisco IOx, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнять произвольные команды в операционной системе с привилегиями root-пользователя

EPSS

Процентиль: 58%
0.00365
Низкий

7.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-233
CWE-78