Iox Cisco Iox

Do you want an email whenever new security vulnerabilities are reported in Cisco Iox?

Recent Cisco Iox Security Advisories

Advisory Title Published
2023-10-04 Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability October 4, 2023
2023-03-22 Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability March 22, 2023
2023-02-01 Cisco IOx Application Hosting Environment Command Injection Vulnerability February 1, 2023
2022-04-13 Cisco IOx Application Hosting Environment Vulnerabilities April 13, 2022
2021-03-31 Cisco IOx Application Environment Path Traversal Vulnerability March 31, 2021
2021-03-24 Cisco IOx Application Framework Denial of Service Vulnerability March 24, 2021
2021-03-24 Cisco IOx for IOS XE Software Command Injection Vulnerability March 24, 2021

By the Year

In 2024 there have been 0 vulnerabilities in Cisco Iox . Last year Iox had 1 security vulnerability published. Right now, Iox is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 8.80
2022 0 0.00
2021 0 0.00
2020 1 8.10
2019 0 0.00
2018 0 0.00

It may take a day or so for new Iox vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cisco Iox Security Vulnerabilities

A vulnerability in the Cisco IOx application hosting environment could

CVE-2023-20076 8.8 - High - February 12, 2023

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

Shell injection

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance

CVE-2020-3238 8.1 - High - June 03, 2020

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cisco Iox or by Cisco? Click the Watch button to subscribe.

Cisco
Vendor

Cisco Iox
Product

subscribe