Vulnslist

find the latest Cisco vulnerabilities

Cisco IOx Application Framework Arbitrary File Creation Vulnerability

cisco-sa-caf-3dXM8exv · High · Published · Updated

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv

Workarounds

There are no workarounds that address this vulnerability.

Customers who do not need to use the Cisco IOx Application Framework can mitigate this vulnerability by disabling IOx on the device by using the no iox configuration command.

CVEs: CVE-2020-3238
Cisco Bug IDs: CSCvr02052
CVSS Score: Base 8.1
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source: Cisco IOx

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Nexus Dashboard | CVE-2020-3238 | Cisco OpenVuln |
| Cisco Catalyst PON Series Switches | CVE-2020-3238 | Cisco OpenVuln |
| Cisco IOx | CVE-2020-3238 | Cisco OpenVuln |