3 matches found
CVE-2020-3237
The CVE-2020-3237 issue affects Cisco IOx Application Framework within the Cisco IOx application environment. It stems from insufficient path restriction enforcement, enabling an authenticated, local attacker to overwrite arbitrary files in the running virtual instance by including a crafted file...
CVE-2020-3238
Summary: CVE-2020-3238 affects the Cisco IOx Application Framework within Cisco IOx. The root cause is insufficient input validation of user-supplied application packages. An authenticated, remote attacker able to upload a malicious package can write/modify arbitrary files inside the affected dev...
CVE-2020-3233
CVE-2020-3233 describes a stored cross-site scripting (XSS) vulnerability in Cisco IOx Application Framework’s web-based Local Manager interface. An authenticated user with Local Manager credentials can inject malicious code via the System Settings tab due to insufficient input validation, leadin...