ID

VAR-202302-0213


CVE

CVE-2023-20076


TITLE

on multiple Cisco Systems products.  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-004067

DESCRIPTION

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system. Cisco IC3000 industrial computing gateway firmware, Cisco IOx , Cisco IOS XE Several Cisco Systems products include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Iox is a secure development environment of Cisco (Cisco), which combines Cisco IOS and Linux OS for secure network connection and development of IOT applications. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL

Trust: 2.34

sources: NVD: CVE-2023-20076 // JVNDB: JVNDB-2023-004067 // CNNVD: CNNVD-202302-157 // VULHUB: VHN-444868 // VULMON: CVE-2023-20076

AFFECTED PRODUCTS

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m5

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m6b

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:ltversion:15.9\(3\)

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:ltversion:15.9\(3\)

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m6b

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m2

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:ltversion:15.9\(3\)

Trust: 1.0

vendor:ciscomodel:ic3000 industrial compute gatewayscope:ltversion:1.4.2

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m4

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m2

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:17.9.2

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m4a

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m4

Trust: 1.0

vendor:ciscomodel:ioxscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m4a

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m2

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m4

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m2a

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m4a

Trust: 1.0

vendor:ciscomodel:ir510 wpanscope:ltversion:1.10.0.1

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m2a

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.10.0

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m1

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m1

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m3

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m6a

Trust: 1.0

vendor:ciscomodel:ios xescope:gteversion:17.9.0

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m1

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m6a

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m5

Trust: 1.0

vendor:ciscomodel:cgr1000scope:ltversion:1.16.0.1

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m3

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m6a

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m

Trust: 1.0

vendor:ciscomodel:807 industrial integrated services routerscope:eqversion:15.9\(3\)m5

Trust: 1.0

vendor:ciscomodel:cgr1240scope:ltversion:1.16.0.1

Trust: 1.0

vendor:ciscomodel:829 industrial integrated services routerscope:eqversion:15.9\(3\)m6b

Trust: 1.0

vendor:ciscomodel:809 industrial integrated services routerscope:eqversion:15.9\(3\)m3

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:17.6.5

Trust: 1.0

vendor:シスコシステムズmodel:cisco 1240 connected grid ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ic3000 産業用コンピューティング ゲートウェイscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco 1000 シリーズ connected grid ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco 829 産業用サービス統合型ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ir510 wpanscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco 807 産業用サービス統合型ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco 809 産業用サービス統合型ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ioxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-004067 // NVD: CVE-2023-20076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20076
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20076
value: HIGH

Trust: 1.0

NVD: CVE-2023-20076
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-157
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-20076
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20076
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-20076
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004067 // CNNVD: CNNVD-202302-157 // NVD: CVE-2023-20076 // NVD: CVE-2023-20076

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-233

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-444868 // JVNDB: JVNDB-2023-004067 // NVD: CVE-2023-20076

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-157

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-157

PATCH

title:cisco-sa-iox-8whGn5dLurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL

Trust: 0.8

title:Cisco Iox Fixes for operating system command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=226416

Trust: 0.6

title:Cisco: Cisco IOx Application Hosting Environment Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iox-8whGn5dL

Trust: 0.1

sources: VULMON: CVE-2023-20076 // JVNDB: JVNDB-2023-004067 // CNNVD: CNNVD-202302-157

EXTERNAL IDS

db:NVDid:CVE-2023-20076

Trust: 3.4

db:JVNDBid:JVNDB-2023-004067

Trust: 0.8

db:AUSCERTid:ESB-2023.0608

Trust: 0.6

db:CNNVDid:CNNVD-202302-157

Trust: 0.6

db:VULHUBid:VHN-444868

Trust: 0.1

db:VULMONid:CVE-2023-20076

Trust: 0.1

sources: VULHUB: VHN-444868 // VULMON: CVE-2023-20076 // JVNDB: JVNDB-2023-004067 // CNNVD: CNNVD-202302-157 // NVD: CVE-2023-20076

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iox-8whgn5dl

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20076

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-20076/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0608

Trust: 0.6

sources: VULHUB: VHN-444868 // VULMON: CVE-2023-20076 // JVNDB: JVNDB-2023-004067 // CNNVD: CNNVD-202302-157 // NVD: CVE-2023-20076

SOURCES

db:VULHUBid:VHN-444868
db:VULMONid:CVE-2023-20076
db:JVNDBid:JVNDB-2023-004067
db:CNNVDid:CNNVD-202302-157
db:NVDid:CVE-2023-20076

LAST UPDATE DATE

2024-08-14T14:54:59.132000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-444868date:2023-02-22T00:00:00
db:JVNDBid:JVNDB-2023-004067date:2023-10-26T01:29:00
db:CNNVDid:CNNVD-202302-157date:2023-02-23T00:00:00
db:NVDid:CVE-2023-20076date:2023-11-07T04:05:57.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-444868date:2023-02-12T00:00:00
db:JVNDBid:JVNDB-2023-004067date:2023-10-26T00:00:00
db:CNNVDid:CNNVD-202302-157date:2023-02-02T00:00:00
db:NVDid:CVE-2023-20076date:2023-02-12T04:15:19.287