Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-3852 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cisco IOx Hardware solutions / Firmware |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU6160
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3852
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to write or modify arbitrary files on the target device.
The weakness exists due to insufficient input validation of user-supplied application packages. A remote attacker can send specially crafted requests to the target Cisco application-hosting framework (CAF) component, trigger an input validation flaw and write or modify arbitrary files on the target virtual instance running on the target device.
Successful exploitation of the vulnerability results in modification of system information.
Update to version 1.2.4.2.
Vulnerable software versions
Cisco IOx: 1.0.0.0 - 1.2.4.2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.