A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HCisco 807 Industrial Integrated Services Router
HWCiscowszystkie wersjeCisco 807 Industrial Integrated Services Router Firmware
OSCisco15.9\(3\)m15.9\(3\)m115.9\(3\)m215.9\(3\)m2a15.9\(3\)m315.9\(3\)m415.9\(3\)m4a15.9\(3\)m515.9\(3\)m6a15.9\(3\)m6b< 15.9\(3\)Cisco 809 Industrial Integrated Services Router
HWCiscowszystkie wersjeCisco 809 Industrial Integrated Services Router Firmware
OSCisco15.9\(3\)m15.9\(3\)m115.9\(3\)m215.9\(3\)m2a15.9\(3\)m315.9\(3\)m415.9\(3\)m4a15.9\(3\)m515.9\(3\)m6a15.9\(3\)m6b< 15.9\(3\)Cisco 829 Industrial Integrated Services Router
HWCiscowszystkie wersjeCisco 829 Industrial Integrated Services Router Firmware
OSCisco15.9\(3\)m15.9\(3\)m115.9\(3\)m215.9\(3\)m2a15.9\(3\)m315.9\(3\)m415.9\(3\)m4a15.9\(3\)m515.9\(3\)m6a15.9\(3\)m6b< 15.9\(3\)Cisco Cgr1000
HWCiscowszystkie wersjeCisco Cgr1000 Firmware
OSCisco< 1.16.0.1Cisco Cgr1240
HWCiscowszystkie wersjeCisco Cgr1240 Firmware
OSCisco< 1.16.0.1Cisco Ic3000 Industrial Compute Gateway
HWCisco< 1.4.2Cisco IOS XE
OSCisco17.10.017.9.0 – 17.9.2 (bez)< 17.6.5Cisco Iox
APPCiscowszystkie wersjeCisco Ir510 Wpan
HWCiscowszystkie wersjeCisco Ir510 Wpan Firmware
OSCisco< 1.10.0.1
Related vulnerabilities
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...
RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP
Cisco IOS XE WLC — nieuwierzytelniony upload plików i RCE przez hardcoded JWT