305 matches found

0day.today
added 2023/11/10 12:0 a.m., 531 views

Cisco IOX XE unauthenticated OS Command Execution Exploit

msf use auxiliary/admin/http/ciscoiosxeosexeccve202320273 msf auxiliaryciscoiosxeosexeccve202320273 show actions ...actions... msf auxiliaryciscoiosxeosexeccve202320273 set ACTION msf auxiliaryciscoiosxeosexeccve202320273 show options ...show and set options... msf...

10 CVSS, 8.7 AI score, 0.99571 EPSS
Exploits 27
0day.today
added 2023/11/10 12:0 a.m., 495 views

Cisco IOX XE unauthenticated Command Line Interface Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated Command Line Interface CLI execution', 'Description' = %q This module leverages CVE-2023-20198 against vulnerable...

10 CVSS, 7.4 AI score, 0.99571 EPSS
Exploits 26
Metasploit
added 2023/11/08 7:50 p.m., 1050 views

Cisco IOX XE Unauthenticated RCE Chain

This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute a payload with root privileges. The vulnerable IOS XE versions are: 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.2,...

10 CVSS, 8.2 AI score, 0.99571 EPSS
Exploits 27
Metasploit
added 2023/11/08 7:50 p.m., 628 views

Cisco IOX XE unauthenticated OS command execution

This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute arbitrary OS commands with root privileges. This module leverages CVE-2023-20198 to create a new admin user, then authenticating...

10 CVSS, 8.8 AI score, 0.99571 EPSS
Exploits 27
BDU FSTEC
added 2023/10/15 12:0 a.m., 6 views

A vulnerability in the Cisco IOx software platform for the Cisco IOS XE operating system allows an attacker to gain access to the underlying operating system as the root user.

The vulnerability in the Cisco IOx software platform for the Cisco IOS XE operating system stems from an error in blocking the privileged mode options for Docker containers during application development. Exploiting this vulnerability could allow a malicious actor to gain access to the basic...

7.7 CVSS, 7.5 AI score, 0.00509 EPSS
Exploits 0, References 3, Affected Software 1
NVD
added 2023/10/04 5:15 p.m., 32 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

8.8 CVSS, 7.5 AI score, 0.00509 EPSS
Exploits 0, References 1
Prion
added 2023/10/04 5:15 p.m., 26 views

Design/Logic Flaw

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS, 8.5 AI score, 0.00509 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2023/10/04 4:14 p.m., 118 views

CVE-2023-20235

The CVE-2023-20235 issue affects Cisco IOS XE IOS IOx application hosting workflow. It arises because Docker containers using the privileged runtime option are not blocked when in development mode, enabling an authenticated, remote attacker to access the underlying operating system as root via th...

8.8 CVSS, 8.4 AI score, 0.00509 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/10/04 4:14 p.m., 29 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS, 8.8 AI score, 0.00509 EPSS
Exploits 0, References 1
Cisco
added 2023/10/04 4:0 p.m., 42 views

Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS, 8.7 AI score, 0.00509 EPSS
Exploits 0, References 1
CNNVD
added 2023/10/04 12:0 a.m., 5 views

Cisco IOS XE Software Security Vulnerability

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software, which stems from a...

8.8 CVSS, 7 AI score, 0.00509 EPSS
Exploits 0, References 2
OSV
added 2023/03/23 5:15 p.m., 1 views

CVE-2023-20065

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit thi...

7.8 CVSS, 6 AI score, 0.00206 EPSS
Exploits 0, References 1
NVD
added 2023/03/23 5:15 p.m., 21 views

CVE-2023-20065

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit thi...

7.8 CVSS, 7.9 AI score, 0.00206 EPSS
Exploits 0, References 1
Prion
added 2023/03/23 5:15 p.m., 22 views

Authorization

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit thi...

4.3 CVSS, 7.8 AI score, 0.00206 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2023/03/23 12:0 a.m., 145 views

CVE-2023-20065

The CVE-2023-20065 issue affects Cisco IOS XE Software IOx Application Hosting Environment. A local, authenticated attacker can escape the Cisco IOx container and execute commands on the underlying OS with root privileges due to insufficient restrictions on hosted applications. Affected: Cisco IO...

7.8 CVSS, 7.8 AI score, 0.00206 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/03/23 12:0 a.m., 25 views

CVE-2023-20065

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit thi...

7.8 CVSS, 8 AI score, 0.00206 EPSS
Exploits 0, References 1
Cisco
added 2023/03/22 4:0 p.m., 55 views

Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit thi...

7.8 CVSS, 7.8 AI score, 0.00206 EPSS
Exploits 0, References 1
ATTACKERKB
added 2023/03/22 4:0 p.m., 2 views

CVE-2023-20065

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit thi...

7.8 CVSS, 7.3 AI score, 0.00206 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2023/02/12 4:15 a.m., 3 views

CVE-2023-20076

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an...

8.8 CVSS, 7.8 AI score, 0.01506 EPSS
Exploits 0, References 1
NVD
added 2023/02/12 4:15 a.m., 24 views

CVE-2023-20076

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an...

8.8 CVSS, 7.8 AI score, 0.01506 EPSS
Exploits 0, References 1