Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-20076 |
CWE-ID | CWE-78 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
CGR1000 Compute Modules | Hardware solutions / Firmware |
IR510 WPAN Industrial Routers | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 3850 Series Switches | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 8000V Edge Software | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 8200 Series Edge Platforms | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 8300 Series Edge Platforms | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 8300 Series Edge Universal CPE | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 8500L Series Edge Platforms | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 9200 Series Switches | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 9300 Series Switches | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 9400 Series Switches | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 9500 Series Switches | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 9500H Series Switches | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 9600 Series Switches | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 9800 Series Wireless Controllers | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst IE3200 Rugged Series | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst IE3300 Rugged Series | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst IE3400 Heavy Duty Series | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst IE3400 Rugged Series | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst IE9300 Rugged Series | Hardware solutions / Routers & switches, VoIP, GSM, etc |
IC3000 Industrial Compute Gateway | Hardware solutions / Routers & switches, VoIP, GSM, etc |
Catalyst 8200 Series Edge uCPE | Other software / Other software solutions |
Catalyst 8500 Series Edge Platforms | Other software / Other software solutions |
Catalyst Cellular Gateways | Other software / Other software solutions |
Catalyst ESS9300 Embedded Series Switch | Other software / Other software solutions |
800 Series Industrial Integrated Services Routers | Other software / Other software solutions |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU71744
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20076
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the Cisco IOx application hosting environment when parsing parameters passed in for activation of an application. A remote authenticated user can pass specially crafted data and execute arbitrary OS commands as root on the underlying host system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
CGR1000 Compute Modules: All versions
IR510 WPAN Industrial Routers: All versions
Catalyst 3850 Series Switches: All versions
Catalyst 8000V Edge Software: All versions
Catalyst 8200 Series Edge Platforms: All versions
Catalyst 8200 Series Edge uCPE: All versions
Catalyst 8300 Series Edge Platforms: All versions
Catalyst 8300 Series Edge Universal CPE: All versions
Catalyst 8500 Series Edge Platforms: All versions
Catalyst 8500L Series Edge Platforms: All versions
Catalyst 9200 Series Switches: All versions
Catalyst 9300 Series Switches: All versions
Catalyst 9400 Series Switches: All versions
Catalyst 9500 Series Switches: All versions
Catalyst 9500H Series Switches: All versions
Catalyst 9600 Series Switches: All versions
Catalyst 9800 Series Wireless Controllers: All versions
Catalyst Cellular Gateways: All versions
Catalyst ESS9300 Embedded Series Switch: All versions
Catalyst IE3200 Rugged Series: All versions
Catalyst IE3300 Rugged Series: All versions
Catalyst IE3400 Heavy Duty Series: All versions
Catalyst IE3400 Rugged Series: All versions
Catalyst IE9300 Rugged Series: All versions
800 Series Industrial Integrated Services Routers: before 15.9(3)M7
IC3000 Industrial Compute Gateway: before 1.2.1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc66882
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.