Cisco IOS XE Software IOx Application Hosting Environment (cisco-sa-iox-yuXQ6hFj)

high Nessus Plugin ID 160083

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco IOS XE Software is affected by multiple vulnerabilities:

- Multiple parameter injection vulnerabilities in the Cisco IOx application hosting environment. Due to incomplete sanitization of parameters that are part of an application package, an authenticated, remote attacker can use a specially crafted application package to execute arbitrary code as root on the underlying host operating system. (CVE-2022-20718, CVE-2022-20719, CVE-2022-20723)

- A path traversal vulnerability in the Cisco IOx application hosting environment. Due to a missing real path check, an authenticated remote attacker can create a symbolic link within a deployed application to read or execute arbitrary code as root on the underlying host operating system. (CVE-2022-20720)

- A race condition in the Cisco IOx application hosting environment can allow an unauthenticated remote attacker to bypass authentication and impersonate another authenticated user session. (CVE-2022-20724)

- A cross-site scripting vulnerability in the web-based Local Manager interface of the Cisco IOx application hosting environment can allow a remote attacker, authenticated with Local Manager credentials, to inject malicious code into the system settings tab. (CVE-2022-20725)

- A privilege escalation vulnerability in Cisco IOS XE Software allows an authenticated, local attacker to elevate privileges from level 15 to root. (CVE-2022-20677)

- A privilege escalation vulnerability in the Cisco IOx application hosting environment due to improper input validation. An authenticated, local attacker can modify application content while the application is loading to gain privileges equivalent to the root user. (CVE-2022-20727)

- Multiple vulnerabilities in the Cisco IOx application hosting environment. Due to insufficient path validation, an authenticated, remote attacker can send a specially crafted command request to the Cisco IOx API to read the contents of any file on the host device filesystem. (CVE-2022-20721, CVE-2022-20722)

Please see the included Cisco bug IDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvy16608, CSCvy30903, CSCvy30957, CSCvy35913, CSCvy35914, CSCvy86583, CSCvy86598, CSCvy86602, CSCvy86603, CSCvy86604, CSCvy86608.

See Also

http://www.nessus.org/u?6323327a

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74561

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy16608

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy30903

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy30957

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy35913

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy35914

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy86583

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy86598

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy86602

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy86603

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy86604

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy86608

Plugin Details

Severity: High

ID: 160083

File Name: cisco-sa-iox-yuXQ6hFj-iosxe.nasl

Version: 1.10

Type: combined

Family: CISCO

Published: 4/22/2022

Updated: 3/5/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-20723

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version, Host/Cisco/IOS-XE/Model

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/13/2022

Vulnerability Publication Date: 4/13/2022

Reference Information

CVE: CVE-2022-20677, CVE-2022-20718, CVE-2022-20719, CVE-2022-20720, CVE-2022-20721, CVE-2022-20722, CVE-2022-20723, CVE-2022-20724, CVE-2022-20725, CVE-2022-20727