CVE-2023-20235
Vulnerability from cvelistv5
Published
2023-10-04 16:14
Modified
2024-08-02 09:05
Summary
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.
Impacted products
CiscoCisco IOS XE Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-rdocker-uATbukKn",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.1a"
            },
            {
              "status": "affected",
              "version": "17.3.1w"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.1x"
            },
            {
              "status": "affected",
              "version": "17.3.1z"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.4a"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.4b"
            },
            {
              "status": "affected",
              "version": "17.3.4c"
            },
            {
              "status": "affected",
              "version": "17.3.5a"
            },
            {
              "status": "affected",
              "version": "17.3.5b"
            },
            {
              "status": "affected",
              "version": "17.3.7"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.4.2"
            },
            {
              "status": "affected",
              "version": "17.4.1a"
            },
            {
              "status": "affected",
              "version": "17.4.1b"
            },
            {
              "status": "affected",
              "version": "17.4.2a"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.5.1a"
            },
            {
              "status": "affected",
              "version": "17.5.1b"
            },
            {
              "status": "affected",
              "version": "17.5.1c"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.1w"
            },
            {
              "status": "affected",
              "version": "17.6.1a"
            },
            {
              "status": "affected",
              "version": "17.6.1x"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.1y"
            },
            {
              "status": "affected",
              "version": "17.6.1z"
            },
            {
              "status": "affected",
              "version": "17.6.3a"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.1z1"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.7.1b"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1a"
            },
            {
              "status": "affected",
              "version": "17.10.1b"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.1w"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1x"
            },
            {
              "status": "affected",
              "version": "17.9.1y"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.9.2a"
            },
            {
              "status": "affected",
              "version": "17.9.1x1"
            },
            {
              "status": "affected",
              "version": "17.9.3a"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.9.1y1"
            },
            {
              "status": "affected",
              "version": "17.9.4a"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            },
            {
              "status": "affected",
              "version": "17.11.1a"
            },
            {
              "status": "affected",
              "version": "17.12.1"
            },
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.11.99SW"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.\r\n\r This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:58:27.801Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-rdocker-uATbukKn",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn"
        }
      ],
      "source": {
        "advisory": "cisco-sa-rdocker-uATbukKn",
        "defects": [
          "CSCwf67351"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20235",
    "datePublished": "2023-10-04T16:14:00.667Z",
    "dateReserved": "2022-10-27T18:47:50.369Z",
    "dateUpdated": "2024-08-02T09:05:36.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-20235\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-10-04T17:15:09.917\",\"lastModified\":\"2024-01-25T17:15:39.730\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.\\r\\n\\r This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la funci\u00f3n de flujo de trabajo de desarrollo de aplicaciones en el dispositivo para la infraestructura de alojamiento de aplicaciones Cisco IOx en el software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado acceda al sistema operativo subyacente como usuario root. Esta vulnerabilidad existe porque los contenedores Docker con la opci\u00f3n de tiempo de ejecuci\u00f3n privilegiado no se bloquean cuando est\u00e1n en modo de desarrollo de aplicaciones. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando la CLI de Docker para acceder a un dispositivo afectado. El flujo de trabajo de desarrollo de aplicaciones est\u00e1 destinado a usarse \u00fanicamente en sistemas de desarrollo y no en sistemas de producci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.3.1\",\"matchCriteriaId\":\"100403F0-0796-4993-A2AF-6A14EDC84478\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ie3200_rugged_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86879AC0-890E-42F4-9561-6851F38FE0AD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ie3300_rugged_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19017B10-F630-42CD-ACD2-E817FEF0E7F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ie3400_rugged_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7CCC02-113E-4EA1-B0CA-9FDF1108BB71\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1101:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68D183A4-2B4D-4DFB-B7F3-2B7AEC0E759E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1821-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"564DB1E0-7FDA-4E6B-8ABF-4A7BDB07BABE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1831-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E218F9E1-8CB9-472D-815D-EAC68D1F5F9D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1833-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31498808-5603-43A2-B7F1-D6111F824F9B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1835-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B112725-CB72-48FC-8C73-3FCFF7DADF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir8140h-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA64916D-3743-4A5F-9021-07EB0B352FF9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir8140h-p-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC6129CB-2C8F-4786-AE76-89C4866BE0E3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir8340-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C9D37A1-D1AA-45B7-861B-046863A67727\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-24t-con-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C98B90-69B3-4BDF-A569-4C102498BFAD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-24t-con-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7646B0A1-FDF5-4A60-A451-E84CE355302E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-24t-ncp-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA889066-14A8-4D88-9EFF-582FE1E65108\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-24t-ncp-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A0C09AE-CD2A-486A-82D4-2F26AA6B6B95\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-con-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF81CC0-AEED-42DE-B423-8F4E118680BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-con-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDAAFDF1-7A3C-475F-AE82-B3194939D401\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-ncp-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9566FC8C-0357-4780-976F-8A68E6A7D24A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-ncp-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07503D21-965B-49F0-B8F2-B5ECD656F277\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.