Vulnerability Details: CVE-2023-20076
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.
Exploit prediction scoring system (EPSS) score for CVE-2023-20076
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~34%
CVSS scores for CVE-2023-20076
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | [email protected] |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | [email protected] |
CWE ids for CVE-2023-20076
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Assigned by: [email protected] (Primary)
- The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. Assigned by: [email protected] (Secondary)
Products affected by CVE-2023-20076
- cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:17.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:iox:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ir510_wpan_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:cgr1000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:cgr1240_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m2a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m4a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6a:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\(3\)m6b:*:*:*:*:*:*:*