Cisco IOS Software IOx Application Hosting Environment (cisco-sa-iox-yuXQ6hFj)

high Nessus Plugin ID 160084

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities:

- Multiple parameter injection vulnerabilities in the Cisco IOx application hosting environment. Due to incomplete sanitization of parameters that are part of an application package, an authenticated, remote attacker can use a specially crafted application package to execute arbitrary code as root on the underlying host operating system. (CVE-2022-20718, CVE-2022-20719, CVE-2022-20723)

- A path traversal vulnerability in the Cisco IOx application hosting environment. Due to a missing real path check, an authenticated remote attacker can create a symbolic link within a deployed application to read or execute arbitrary code as root on the underlying host operating system. (CVE-2022-20720)

- A race condition in the Cisco IOx application hosting environment can allow an unauthenticated remote attacker to bypass authentication and impersonate another authenticated user session. (CVE-2022-20724)

- A cross-site scripting vulnerability in the web-based Local Manager interface of the Cisco IOx application hosting environment can allow a remote attacker, authenticated with Local Manager credentials, to inject malicious code into the system settings tab. (CVE-2022-20725)

- A denial of service vulnerability in the Cisco IOx application host environment of Cisco 809 and 829 integrated service routers, Cisco CGR 1000 Compute Modules and Cisco IC3000 Industrial Compute Gateways. Due to insufficient error handling of socket operations, an unauthenticated, remote attacker can cause the IOx web sever to stop processing requests. (CVE-2022-20726)

- A privilege escalation vulnerability in the Cisco IOx application hosting environment due to improper input validation. An authenticated, local attacker can modify application content while the application is loading to gain privileges equivalent to the root user. (CVE-2022-20727)

- Multiple vulnerabilities in the Cisco IOx application hosting environment. Due to insufficient path validation, an authenticated, remote attacker can send a specially requested command to the Cisco IOx API to read the contents of any file on the host device filesystem. (CVE-2022-20721, CVE-2022-20722)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvx27640, CSCvy30903, CSCvy30957, CSCvy35913, CSCvy35914, CSCvy86583, CSCvy86598, CSCvy86602, CSCvy86603, CSCvy86604, CSCvy86608

Plugin Details

Severity: High

ID: 160084

File Name: cisco-sa-iox-yuXQ6hFj-ios.nasl

Version: 1.10

Type: combined

Family: CISCO

Published: 4/22/2022

Updated: 3/5/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-20723

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version, Host/Cisco/IOS/Model

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/13/2022

Vulnerability Publication Date: 4/13/2022

Reference Information

CVE: CVE-2022-20718, CVE-2022-20719, CVE-2022-20720, CVE-2022-20721, CVE-2022-20722, CVE-2022-20723, CVE-2022-20724, CVE-2022-20725, CVE-2022-20726, CVE-2022-20727

CWE: 22, 250, 77

CISCO-SA: cisco-sa-iox-yuXQ6hFj

IAVA: 2022-A-0157-S

CISCO-BUG-ID: CSCvx27640, CSCvy30903, CSCvy30957, CSCvy35913, CSCvy35914, CSCvy86583, CSCvy86598, CSCvy86602, CSCvy86603, CSCvy86604, CSCvy86608

Detections

Analytics