
9 matches found

CVE
added 2023/02/12 12:0 a.m. | 438 views

CVE-2023-20076

CVE-2023-20076 affects Cisco IOx Application Hosting Environment. The flaw arises from incomplete sanitization of parameters in an activation payload, allowing an authenticated, remote attacker to execute arbitrary commands as root on the underlying host OS. The issue is exploitable by deploying/...

CVSS 8.8 | AI score 8.1 | EPSS 0.01506

CVE
added 2017/03/22 7:0 p.m. | 63 views

CVE-2017-3853

CVE-2017-3853 affects Cisco IOx Data-in-Motion (DMo) in Cisco IOx on 800 Series routers (IR809/IR829). The issue is a stack overflow in the DMo process due to insufficient bounds checking, allowing an unauthenticated, remote attacker to cause remote code execution with root privileges within the ...

CVSS 10 | AI score 9.9 | EPSS 0.08711

CVE
added 2017/03/22 7:0 p.m. | 59 views

CVE-2017-3851

CVE-2017-3851 is a directory-traversal vulnerability in Cisco IOx CAF: an unauthenticated remote attacker can read files from the CAF web interface within the virtual instance. Affected Cisco IOx CAF versions: 1.0.0.0 and 1.1.0.0. Exploitation involves crafting requests to the CAF web interface; imp...

CVSS 7.5 | AI score 7.5 | EPSS 0.05207

CVE
added 2017/01/26 7:45 a.m. | 57 views

CVE-2017-3805

The CVE-2017-3805 issue is a Cisco IOS/IOx Information Disclosure vulnerability where the web-based management interface fails to validate HTTP URLs, allowing an unauthenticated, remote attacker to view confidential data without signing in. Affected platforms include Cisco IOS and IOx Software on...

CVSS 5.3 | AI score 5.2 | EPSS 0.01584

CVE
added 2020/06/03 5:55 p.m. | 54 views

CVE-2020-3237

The CVE-2020-3237 issue affects Cisco IOx Application Framework within the Cisco IOx application environment. It stems from insufficient path restriction enforcement, enabling an authenticated, local attacker to overwrite arbitrary files in the running virtual instance by including a crafted file...

CVSS 6.3 | AI score 6.2 | EPSS 0.00351

CVE
added 2020/06/03 5:56 p.m. | 51 views

CVE-2020-3238

Summary: CVE-2020-3238 affects the Cisco IOx Application Framework within Cisco IOx. The root cause is insufficient input validation of user-supplied application packages. An authenticated, remote attacker able to upload a malicious package can write/modify arbitrary files inside the affected dev...

CVSS 8.1 | AI score 8.1 | EPSS 0.01235

CVE
added 2020/06/03 5:55 p.m. | 49 views

CVE-2020-3233

CVE-2020-3233 describes a stored cross-site scripting (XSS) vulnerability in Cisco IOx Application Framework’s web-based Local Manager interface. An authenticated user with Local Manager credentials can inject malicious code via the System Settings tab due to insufficient input validation, leadin...

CVSS 6.4 | AI score 5.5 | EPSS 0.00633

CVE
added 2017/03/22 7:0 p.m. | 45 views

CVE-2017-3852

CVE-2017-3852 affects the Cisco IOx Application-Hosting Framework (CAF) in the IOx environment. It stems from insufficient input validation of user-supplied application packages, allowing an authenticated remote attacker to write or modify arbitrary files within the victim’s virtual instance. Imp...

CVSS 8.1 | AI score 8 | EPSS 0.02531

CVE
added 2016/12/14 12:37 a.m. | 43 views

CVE-2016-9199

CVE-2016-9199 affects Cisco IOx’s Application-Hosting Framework (CAF) within the Cisco IOx subsystem of Cisco IOS/IOS XE. The vulnerability is a directory traversal issue caused by insufficient input validation in CAF, allowing an authenticated remote attacker to read arbitrary files on a targete...

CVSS 6.8 | AI score 6.3 | EPSS 0.02517