Vulnerabilities > Cisco > IOX

DATE CVE VULNERABILITY TITLE RISK
2023-02-12 CVE-2023-20076 OS Command Injection vulnerability in Cisco products
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system.
network
low complexity
cisco CWE-78
8.8
2020-06-03 CVE-2020-3238 Improper Input Validation vulnerability in Cisco IOX
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device.
network
low complexity
cisco CWE-20
5.5
2020-06-03 CVE-2020-3237 Link Following vulnerability in Cisco IOX
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device.
local
low complexity
cisco CWE-59
4.6
2020-06-03 CVE-2020-3233 Cross-site Scripting vulnerability in Cisco IOX
A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device.
network
cisco CWE-79
3.5
2017-03-22 CVE-2017-3853 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOX 1.1.0/1.1(0)
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device.
network
low complexity
cisco CWE-119
critical
10.0
2017-03-22 CVE-2017-3852 Improper Input Validation vulnerability in Cisco IOX 1.1.0/1.1(0)
A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device.
network
low complexity
cisco CWE-20
5.5
2017-03-22 CVE-2017-3851 Path Traversal vulnerability in Cisco IOX 1.1.0/1.1(0)
A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device.
network
low complexity
cisco CWE-22
5.0
2017-01-26 CVE-2017-3805 Information Exposure vulnerability in Cisco IOX 1.0(0)
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device.
network
low complexity
cisco CWE-200
5.0
2016-12-14 CVE-2016-9199 Path Traversal vulnerability in Cisco IOX 1.1.0
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.
network
low complexity
cisco CWE-22
6.8