Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.

Published

2023-10-04T17:15:09.917

Last Modified

2024-11-21T07:40:57.567

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-552
  • Type: Primary
    CWE-269
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios_xe < 17.3.1 Yes
Hardware cisco catalyst_ie3200_rugged_switch - No
Hardware cisco catalyst_ie3300_rugged_switch - No
Hardware cisco catalyst_ie3400_rugged_switch - No
Hardware cisco catalyst_ir1101 - No
Hardware cisco catalyst_ir1821-k9 - No
Hardware cisco catalyst_ir1831-k9 - No
Hardware cisco catalyst_ir1833-k9 - No
Hardware cisco catalyst_ir1835-k9 - No
Hardware cisco catalyst_ir8140h-k9 - No
Hardware cisco catalyst_ir8140h-p-k9 - No
Hardware cisco catalyst_ir8340-k9 - No
Hardware cisco ess-3300-24t-con-a - No
Hardware cisco ess-3300-24t-con-e - No
Hardware cisco ess-3300-24t-ncp-a - No
Hardware cisco ess-3300-24t-ncp-e - No
Hardware cisco ess-3300-con-a - No
Hardware cisco ess-3300-con-e - No
Hardware cisco ess-3300-ncp-a - No
Hardware cisco ess-3300-ncp-e - No
References