cbcvebase.

Cisco Iox vulnerabilities

8 known vulnerabilities affecting cisco/iox.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2017-3853P2CRITICALCVSS 9.8v1.1\(0\)v1.1.02017-03-22
CVE-2017-3853 [CRITICAL] CWE-119 CVE-2017-3853: A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environ A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking
nvd
CVE-2017-3851P3HIGHCVSS 7.5v1.1\(0\)v1.1.02017-03-22
CVE-2017-3851 [HIGH] CWE-22 CVE-2017-3851: A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting frame A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. A
nvd
CVE-2017-3852P3HIGHCVSS 8.1v1.1\(0\)v1.1.02017-03-22
CVE-2017-3852 [HIGH] CWE-20 CVE-2017-3852: A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx applicat A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An att
nvd
CVE-2020-3238P3HIGHCVSS 8.1fixed in 1.9.02020-06-03
CVE-2020-3238 [HIGH] CWE-20 CVE-2020-3238: A vulnerability in the Cisco Application Framework component of the Cisco IOx application environmen A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker
nvd
CVE-2016-9199P3MEDIUMCVSS 6.5v1.1.02016-12-14
CVE-2016-9199 [MEDIUM] CWE-22 CVE-2016-9199: A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authent A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2
nvd
CVE-2020-3237P4MEDIUMCVSS 6.3fixed in 1.9.02020-06-03
CVE-2020-3237 [MEDIUM] CWE-59 CVE-2020-3237: A vulnerability in the Cisco Application Framework component of the Cisco IOx application environmen A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerabilit
nvd
CVE-2017-3805P4MEDIUMCVSS 5.3v1.0\(0\)2017-01-26
CVE-2017-3805 [MEDIUM] CWE-200 CVE-2017-3805: A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allo A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR
nvd
CVE-2020-3233P4MEDIUMCVSS 5.4fixed in 1.9.02020-06-03
CVE-2020-3233 [MEDIUM] CWE-79 CVE-2020-3233: A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework coul A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have valid Local Manager credentials. The vulnerability is du
nvd
Cisco Iox vulnerabilities | cvebase