Multiple vulnerabilities in Cisco IOx Application Hosting Environment
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2022-20718 CVE-2022-20719 CVE-2022-20720 CVE-2022-20721 CVE-2022-20722 CVE-2022-20723 CVE-2022-20724 CVE-2022-20725 CVE-2022-20726 CVE-2022-20727 |
| CWE-ID | CWE-77 CWE-250 CWE-22 CWE-362 CWE-79 CWE-20 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
800 Series Industrial Integrated Services Routers Other software / Other software solutions Industrial Ethernet 4000 Series Switches Other software / Other software solutions 800 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco 1000 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc 4000 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco ASR 1000 Series Aggregation Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 9x00 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst IE3400 Rugged Series Hardware solutions / Routers & switches, VoIP, GSM, etc Embedded Services 3300 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc IR510 WPAN Industrial Routers Hardware solutions / Routers & switches, VoIP, GSM, etc IC3000 Industrial Compute Gateway Hardware solutions / Routers & switches, VoIP, GSM, etc CGR1000 Compute Modules Hardware solutions / Firmware Cisco IOx Hardware solutions / Firmware Cisco IOS XE Operating systems & Components / Operating system Cisco IOS Operating systems & Components / Operating system |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Command Injection
EUVDB-ID: #VU62327
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20718
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to incomplete sanitization of parameters that are passed in for activation of an application in the Cisco IOx application hosting environment. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Execution with unnecessary privileges
EUVDB-ID: #VU62328
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20719
CWE-ID:
CWE-250 - Execution with Unnecessary Privileges
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to incomplete sanitization of parameters that are passed in as part of the IOx package descriptor. A remote administrator can execute arbitrary code on the underlying host operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU62329
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20720
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the Cisco IOx application hosting environment. A remote administrator can send a specially crafted HTTP request and read or write arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Path traversal
EUVDB-ID: #VU62330
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20721
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the Cisco IOx application hosting environment. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Path traversal
EUVDB-ID: #VU62331
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20722
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the Cisco IOx application hosting environment. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Execution with unnecessary privileges
EUVDB-ID: #VU62332
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20723
CWE-ID:
CWE-250 - Execution with Unnecessary Privileges
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to incomplete sanitization of parameters that are passed in for activation of an application in the Cisco IOx application hosting environment. A remote administrator can execute arbitrary code on the underlying host operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Race condition
EUVDB-ID: #VU62333
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20724
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to a race condition for allocation of the token in the Cisco IOx application hosting environment. A remote attacker can exploit the race, bypass authentication and impersonate another authenticated user session.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Stored cross-site scripting
EUVDB-ID: #VU62334
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20725
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based Local Manager interface. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU62335
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20726
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient error handling of socket operations in the Cisco IOx application hosting environment. A remote attacker can send a specially crafted TCP traffic and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU62336
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20727
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A local administrator can modify application content while a Cisco IOx application is loading and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versions800 Series Industrial Integrated Services Routers: All versions
800 Series Integrated Services Routers: All versions
CGR1000 Compute Modules: All versions
Industrial Ethernet 4000 Series Switches: All versions
Cisco 1000 Series Integrated Services Routers: All versions
4000 Series Integrated Services Routers: All versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Catalyst 9x00 Series Switches: All versions
Catalyst IE3400 Rugged Series: All versions
Embedded Services 3300 Series Switches: All versions
IR510 WPAN Industrial Routers: All versions
Cisco IOS XE: before 17.7(1)
Cisco IOS: before 15.9(3)M5
Cisco IOx: before 1.15.0.1
IC3000 Industrial Compute Gateway: before 1.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
