Lucene search

CiscoCISCO-SA-IOX-PT-HWGCPF7G

HistoryMar 24, 2021 - 4:00 p.m.

Cisco IOx Application Environment Path Traversal Vulnerability

2021-03-2416:00:00

tools.cisco.com

cisco

iox

application

environment

path traversal

vulnerability

directory traversal

cisco platforms

authentication

remote attacker

api

requests

operating system

software updates

EPSS

0.002

Percentile

56.0%

JSON

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system.

This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-pt-hWGcPf7g [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-pt-hWGcPf7g”]

Affected configurations

Vulners

Node

ciscoiosMatch15.8m

ciscoiosMatch15.9m

ciscoiosMatchany

ciscocisco_ios_xe_softwareMatch16.11

ciscocisco_ios_xe_softwareMatch16.12

ciscocisco_ios_xe_softwareMatch17.1

ciscocisco_ios_xe_softwareMatch17.2

ciscocisco_ios_xe_softwareMatch17.3

ciscocisco_ios_xe_softwareMatch17.4

ciscocisco_ios_xe_softwareMatchany

ciscocgr1000_compute_moduleMatchany

ciscoiosMatch15.8\(3\)m3

ciscoiosMatch15.8\(3\)m2a

ciscoiosMatch15.8\(3\)m4

ciscoiosMatch15.8\(3\)m5

ciscoiosMatch15.8\(3\)m6

ciscoiosMatch15.9\(3\)m

ciscoiosMatch15.9\(3\)m1

ciscoiosMatch15.9\(3\)m2

ciscoiosMatch15.9\(3\)m3

ciscoiosMatch15.9\(3\)m2a

ciscoiosMatchany

ciscocisco_ios_xe_softwareMatch16.11.1

ciscocisco_ios_xe_softwareMatch16.11.1a

ciscocisco_ios_xe_softwareMatch16.11.1b

ciscocisco_ios_xe_softwareMatch16.11.2

ciscocisco_ios_xe_softwareMatch16.11.1s

ciscocisco_ios_xe_softwareMatch16.11.1c

ciscocisco_ios_xe_softwareMatch16.12.1

ciscocisco_ios_xe_softwareMatch16.12.1s

ciscocisco_ios_xe_softwareMatch16.12.1a

ciscocisco_ios_xe_softwareMatch16.12.1c

ciscocisco_ios_xe_softwareMatch16.12.1w

ciscocisco_ios_xe_softwareMatch16.12.2

ciscocisco_ios_xe_softwareMatch16.12.1y

ciscocisco_ios_xe_softwareMatch16.12.2a

ciscocisco_ios_xe_softwareMatch16.12.3

ciscocisco_ios_xe_softwareMatch16.12.2s

ciscocisco_ios_xe_softwareMatch16.12.1x

ciscocisco_ios_xe_softwareMatch16.12.1t

ciscocisco_ios_xe_softwareMatch16.12.2t

ciscocisco_ios_xe_softwareMatch16.12.4

ciscocisco_ios_xe_softwareMatch16.12.3s

ciscocisco_ios_xe_softwareMatch16.12.1z

ciscocisco_ios_xe_softwareMatch16.12.3a

ciscocisco_ios_xe_softwareMatch16.12.4a

ciscocisco_ios_xe_softwareMatch16.12.5

ciscocisco_ios_xe_softwareMatch16.12.1z1

ciscocisco_ios_xe_softwareMatch17.1.1

ciscocisco_ios_xe_softwareMatch17.1.1a

ciscocisco_ios_xe_softwareMatch17.1.1s

ciscocisco_ios_xe_softwareMatch17.1.2

ciscocisco_ios_xe_softwareMatch17.1.1t

ciscocisco_ios_xe_softwareMatch17.1.3

ciscocisco_ios_xe_softwareMatch17.2.1

ciscocisco_ios_xe_softwareMatch17.2.1r

ciscocisco_ios_xe_softwareMatch17.2.1a

ciscocisco_ios_xe_softwareMatch17.2.1v

ciscocisco_ios_xe_softwareMatch17.2.2

ciscocisco_ios_xe_softwareMatch17.3.1

ciscocisco_ios_xe_softwareMatch17.3.2

ciscocisco_ios_xe_softwareMatch17.3.1a

ciscocisco_ios_xe_softwareMatch17.3.1w

ciscocisco_ios_xe_softwareMatch17.3.2a

ciscocisco_ios_xe_softwareMatch17.3.1x

ciscocisco_ios_xe_softwareMatch17.4.1

ciscocisco_ios_xe_softwareMatch17.4.1a

ciscocisco_ios_xe_softwareMatch17.4.1b

ciscocisco_ios_xe_softwareMatchany

ciscocgr1000_compute_moduleMatchany

VendorProductVersionCPE
ciscoios15.8mcpe:2.3:o:cisco:ios:15.8m:*:*:*:*:*:*:*
ciscoios15.9mcpe:2.3:o:cisco:ios:15.9m:*:*:*:*:*:*:*
ciscoiosanycpe:2.3:o:cisco:ios:any:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.11cpe:2.3:a:cisco:cisco_ios_xe_software:16.11:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.12cpe:2.3:a:cisco:cisco_ios_xe_software:16.12:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.1cpe:2.3:a:cisco:cisco_ios_xe_software:17.1:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.2cpe:2.3:a:cisco:cisco_ios_xe_software:17.2:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.3cpe:2.3:a:cisco:cisco_ios_xe_software:17.3:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.4cpe:2.3:a:cisco:cisco_ios_xe_software:17.4:*:*:*:*:*:*:*
ciscocisco_ios_xe_softwareanycpe:2.3:a:cisco:cisco_ios_xe_software:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.8m	cpe:2.3:o:cisco:ios:15.8m:::::::*
cisco	ios	15.9m	cpe:2.3:o:cisco:ios:15.9m:::::::*
cisco	ios	any	cpe:2.3:o:cisco:ios:any:::::::*
cisco	cisco_ios_xe_software	16.11	cpe:2.3:a:cisco:cisco_ios_xe_software:16.11:::::::*
cisco	cisco_ios_xe_software	16.12	cpe:2.3:a:cisco:cisco_ios_xe_software:16.12:::::::*
cisco	cisco_ios_xe_software	17.1	cpe:2.3:a:cisco:cisco_ios_xe_software:17.1:::::::*
cisco	cisco_ios_xe_software	17.2	cpe:2.3:a:cisco:cisco_ios_xe_software:17.2:::::::*
cisco	cisco_ios_xe_software	17.3	cpe:2.3:a:cisco:cisco_ios_xe_software:17.3:::::::*
cisco	cisco_ios_xe_software	17.4	cpe:2.3:a:cisco:cisco_ios_xe_software:17.4:::::::*
cisco	cisco_ios_xe_software	any	cpe:2.3:a:cisco:cisco_ios_xe_software:any:::::::*