Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-1384: Cisco Security Advisory: Cisco IOx for IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user.

CVE
#vulnerability#ios#cisco#auth

At the time of publication, this vulnerability affected Cisco IOS XE Software releases 16.3.1 and later if they were configured with the Cisco IOx application hosting infrastructure.

The Cisco IOx application hosting infrastructure is not enabled by default.

See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Assess the Cisco IOx Application Hosting Environment

There are two methods for assessing the IOx application hosting environment:

Option 1: Use the show iox-service Command

To determine the status of IOx functionality, use the show iox-service command in privileged EXEC mode, as shown in the following example:

Router#show iox-service

IOx Infrastructure Summary:

IOx service (CAF) : Running IOx service (HA) : Running IOx service (IOxman) : Running Libvirtd : Running

Router#

The device is vulnerable if IOx service (CAF) is in the Running state. If any statement in the following list is true, the device is not affected by the vulnerability described in this advisory:

  • IOx service (CAF) is in the Not Running state
  • The show iox-service privileged EXEC mode command returns no output
  • The show iox-service privileged EXEC mode command returns an error

Option 2: Use the iox Configuration Command

As an alternative, check the running configuration for the iox configuration command, as shown in the following example:

Router#sh run | include iox iox Router#

The device is vulnerable if the output contains a line with only iox, as shown in the preceding example. If the iox configuration command does not return output or this command returns an error, the device is not affected by the vulnerability described in this advisory.

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

  • Other platforms that support Cisco IOx
  • IOS Software
  • IOS XR Software
  • NX-OS Software

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907