CVE-2021-1385: Cisco Security Advisory: Cisco IOx Application Environment Path Traversal Vulnerability

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system.
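The root cause described above is a URI that is not properly validated before it is used as a filesystem path. The following added example (not Cisco code, and not the IOx API) contrasts a weak substring check with a normalize-then-confine check; the root directory and function names are assumptions for illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical root an application-hosting API would confine file access to.
APP_ROOT = "/var/iox/apps"


def naive_is_safe(uri_path: str) -> bool:
    """Weak check: rejects only a literal '..' in the raw request path.
    It misses percent-encoded sequences and never looks at where the
    resolved path actually lands."""
    return ".." not in uri_path


def resolve_safely(uri_path: str, root: str = APP_ROOT) -> Optional[str]:
    """Hardened check: decode, normalize, then require that the resolved
    path is still inside root. Returns the resolved path, or None when the
    request would escape the root."""
    decoded = unquote(unquote(uri_path))      # single and double encoding
    decoded = decoded.replace("\\", "/")      # treat backslash as a separator
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    # Prefix test on root + "/" so "/var/iox/apps2" does not pass as inside root.
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    # Note: normpath does not follow symlinks; a real service should also
    # apply os.path.realpath to the final path before opening it.
    return None
```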


At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable software release and configured with the Cisco IOx application hosting environment.

Cisco Product | Cisco Software | Vulnerable Releases
--- | --- | ---
809 Industrial Integrated Services Routers (ISRs) | IOS Software | 15.8(3)M2 and later, earlier than the first fixed release
829 Industrial ISRs | IOS Software | 15.8(3)M2 and later, earlier than the first fixed release
CGR 1000 Compute Module | CGR 1000 IOx Compute Platform Firmware | 1.9 and later, earlier than the first fixed release
IC3000 Industrial Compute Gateway | Industrial Compute Gateway Software | All releases earlier than the first fixed release
Devices running Cisco IOS XE Software | IOS XE Software | 16.11.1 and later, earlier than the first fixed release

For additional information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Assess the Cisco IOx Application Hosting Environment

Use the following subsections to determine whether a device is configured with the Cisco IOx application hosting environment.

Cisco 809 and 829 Industrial Integrated Services Routers

To determine whether the Cisco IOx application hosting environment is enabled on a device, use the show iox host list detail | include OS status command at the device CLI.

The following example shows the output of the command for a device that has the Cisco IOx application hosting environment enabled:

Router#show iox host list detail | include OS status
OS status: RUNNING

If this command does not exist, or if it produces output that does not show RUNNING in the OS status field, the device is not affected by this vulnerability.

Cisco CGR 1000 Compute Module

To determine the status of IOx functionality, use the show iox host list detail | include IOX Server is running CLI command, as shown in the following example:

CGR1000#show iox host list detail | include IOX Server is running
IOX Server is running. Process ID: 305
CGR1000#

Cisco IC3000 Industrial Compute Gateway

On the Cisco IC3000 Industrial Compute Gateway, Cisco IOx functionality is enabled by default.

To determine the status of IOx functionality, use the show iox summary CLI command, as shown in the following example:

ic3k#show iox summary
IOx Infrastructure Summary:
 eid: IC3000-2C2F-K9+FOC2227Y304
 pfm: IC3000-2C2F-K9
 s/n: FOC2227Y304
 images: Lnx: 1.0.1., IOx: 1.7.0:r/1.7.0.0:fc6e9cf
 boot: 2018-09-17 17:37:55
 time: 2018-09-18 18:07:28
 load: 18:07:28 up 1 day, 29 min, 0 users, load average: 0.32, 0.11, 0.02
 memory: ok, used: 481/7854 (6%)
 disk: ok, used: /:270305/338869 (79%), /software:57272/87462892 (0%)
 process: warning, running: 4/5, failed: sshd
 networking: ok
 logs: ok, errors: caf (0)
 apps: ok,

Cisco Platforms That Use Cisco IOS XE Software

The IOx application hosting infrastructure is not enabled by default.

There are two methods for assessing the Cisco IOx application hosting environment in Cisco IOS XE Software:

Option 1: Use the show iox-service Command

To determine the status of Cisco IOx functionality, use the show iox-service command in privileged EXEC mode, as shown in the following example:

Router#show iox-service

IOx Infrastructure Summary:

IOx service (CAF) : Running
IOx service (HA) : Running
IOx service (IOxman) : Running
Libvirtd : Running

Router#

The device is vulnerable if IOx service (CAF) is in the Running state. If any statement in the following list is true, the device is not affected by the vulnerability described in this advisory:

  • IOx service (CAF) is in the Not Running state
  • The show iox-service privileged EXEC mode command returns no output
  • The show iox-service privileged EXEC mode command returns an error

Option 2: Use the iox Configuration Command

As an alternative, check the running configuration for the iox configuration command, as shown in the following example:

Router#sh run | include iox
iox
Router#

The device is vulnerable if the output contains a line with only iox, as shown in the preceding example. If the iox configuration command does not return output or this command returns an error, the device is not affected by the vulnerability described in this advisory.
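When the same assessment has to be repeated across many devices, the checks in the subsections above can be applied to captured CLI output. The following added example (not Cisco tooling) encodes the advisory's per-platform "enabled" conditions; the platform keys, the IOS parser error strings used to detect a failed command, and the sample captures are assumptions constructed for this illustration.

```python
import re

# Per-platform rules from the advisory's Assess section: the command to run,
# and a pattern that, when it matches the output, means IOx is enabled.
ENABLED_PATTERNS = {
    "isr8x9":    ("show iox host list detail | include OS status",
                  re.compile(r"^OS status:\s*RUNNING\s*$", re.M)),
    "cgr1000":   ("show iox host list detail | include IOX Server is running",
                  re.compile(r"IOX Server is running", re.M)),
    "iosxe":     ("show iox-service",
                  re.compile(r"^IOx service \(CAF\)\s*:\s*Running\s*$", re.M)),
    "iosxe_cfg": ("show running-config | include iox",
                  re.compile(r"^iox\s*$", re.M)),
}

# Typical IOS parser rejections (assumed markers for "command returns an error").
ERROR_MARKERS = ("% Invalid input", "% Incomplete command", "% Ambiguous command")


def iox_enabled(platform: str, output: str) -> bool:
    """True when the captured output meets the advisory's enabled condition.
    Empty output, a parser error, or a non-matching state means not affected."""
    if platform == "ic3000":
        # IC3000: IOx is enabled by default and the advisory gives no
        # disabled-state marker, so treat the platform as enabled.
        return True
    _, pattern = ENABLED_PATTERNS[platform]
    if not output.strip() or any(m in output for m in ERROR_MARKERS):
        return False
    # Drop echoed command and prompt lines so only real output is matched.
    body = "\n".join(l for l in output.splitlines() if not re.match(r"^\S+#", l))
    return pattern.search(body) is not None


# Constructed sample captures (not taken from the advisory).
SAMPLES = {
    "isr_running": "Router#show iox host list detail | include OS status\nOS status: RUNNING\nRouter#",
    "isr_stopped": "Router#show iox host list detail | include OS status\nOS status: STOPPED\nRouter#",
    "xe_running":  "Router#show iox-service\n\nIOx Infrastructure Summary:\n\n"
                   "IOx service (CAF) : Running\nIOx service (HA) : Running\nRouter#",
    "xe_not":      "IOx service (CAF) : Not Running\nIOx service (HA) : Not Running\n",
    "xe_error":    "Router#show iox-service\n% Invalid input detected at '^' marker.\nRouter#",
    "cfg_iox":     "Router#sh run | include iox\niox\nRouter#",
    "cfg_none":    "Router#sh run | include iox\nRouter#",
}
```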

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

  • 510 WPAN Industrial Routers
  • Industrial Ethernet (IE) 4000 Series Switches
  • IOS XR Software
  • NX-OS Software
