9 matches found
CVE-2023-20076
CVE-2023-20076 affects Cisco IOx Application Hosting Environment. The flaw arises from incomplete sanitization of parameters in an activation payload, allowing an authenticated, remote attacker to execute arbitrary commands as root on the underlying host OS. The issue is exploitable by deploying/...
CVE-2017-3853
CVE-2017-3853 affects Cisco IOx Data-in-Motion (DMo) in Cisco IOx on 800 Series routers (IR809/IR829). The issue is a stack overflow in the DMo process due to insufficient bounds checking, allowing an unauthenticated, remote attacker to cause remote code execution with root privileges within the ...
CVE-2017-3851
CVE-2017-3851 is a directory-traversal vulnerability in Cisco IOx CAF: an unauthenticated, remote attacker can read files from the CAF web interface within the virtual instance. Affected Cisco IOx CAF versions: 1.0.0.0 and 1.1.0.0. Exploitation involves crafting requests to the CAF web interface; imp...
CVE-2017-3805
The CVE-2017-3805 issue is a Cisco IOS/IOx Information Disclosure vulnerability where the web-based management interface fails to validate HTTP URLs, allowing an unauthenticated, remote attacker to view confidential data without signing in. Affected platforms include Cisco IOS and IOx Software on...
CVE-2020-3237
The CVE-2020-3237 issue affects Cisco IOx Application Framework within the Cisco IOx application environment. It stems from insufficient path restriction enforcement, enabling an authenticated, local attacker to overwrite arbitrary files in the running virtual instance by including a crafted file...
CVE-2020-3238
CVE-2020-3238 affects the Cisco IOx Application Framework within Cisco IOx. The root cause is insufficient input validation of user-supplied application packages. An authenticated, remote attacker able to upload a malicious package can write/modify arbitrary files inside the affected dev...
CVE-2020-3233
CVE-2020-3233 describes a stored cross-site scripting (XSS) vulnerability in Cisco IOx Application Framework’s web-based Local Manager interface. An authenticated user with Local Manager credentials can inject malicious code via the System Settings tab due to insufficient input validation, leadin...
CVE-2017-3852
CVE-2017-3852 affects the Cisco IOx Application-Hosting Framework (CAF) in the IOx environment. It stems from insufficient input validation of user-supplied application packages, allowing an authenticated remote attacker to write or modify arbitrary files within the victim’s virtual instance. Imp...
CVE-2016-9199
CVE-2016-9199 affects Cisco IOx’s Application-Hosting Framework (CAF) within the Cisco IOx subsystem of Cisco IOS/IOS XE. The vulnerability is a directory traversal issue caused by insufficient input validation in CAF, allowing an authenticated remote attacker to read arbitrary files on a targete...