cve-2023-20235
Vulnerability from cvelistv5
Published
2023-10-04 16:14
Modified
2024-08-02 09:05
Severity
Summary
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.
This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.
References
Impacted products
| Vendor | Product |
|---|---|
| Cisco | Cisco IOS XE Software |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-rdocker-uATbukKn",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.5.1b"
},
{
"status": "affected",
"version": "17.5.1c"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.11.99SW"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.\r\n\r This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or Directories Accessible to External Parties",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:27.801Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-rdocker-uATbukKn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn"
}
],
"source": {
"advisory": "cisco-sa-rdocker-uATbukKn",
"defects": [
"CSCwf67351"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20235",
"datePublished": "2023-10-04T16:14:00.667Z",
"dateReserved": "2022-10-27T18:47:50.369Z",
"dateUpdated": "2024-08-02T09:05:36.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-20235\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-10-04T17:15:09.917\",\"lastModified\":\"2024-01-25T17:15:39.730\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.\\r\\n\\r This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la funci\u00f3n de flujo de trabajo de desarrollo de aplicaciones en el dispositivo para la infraestructura de alojamiento de aplicaciones Cisco IOx en el software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado acceda al sistema operativo subyacente como usuario root. Esta vulnerabilidad existe porque los contenedores Docker con la opci\u00f3n de tiempo de ejecuci\u00f3n privilegiado no se bloquean cuando est\u00e1n en modo de desarrollo de aplicaciones. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando la CLI de Docker para acceder a un dispositivo afectado. El flujo de trabajo de desarrollo de aplicaciones est\u00e1 destinado a usarse \u00fanicamente en sistemas de desarrollo y no en sistemas de producci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.3.1\",\"matchCriteriaId\":\"100403F0-0796-4993-A2AF-6A14EDC84478\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ie3200_rugged_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86879AC0-890E-42F4-9561-6851F38FE0AD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ie3300_rugged_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19017B10-F630-42CD-ACD2-E817FEF0E7F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ie3400_rugged_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7CCC02-113E-4EA1-B0CA-9FDF1108BB71\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1101:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68D183A4-2B4D-4DFB-B7F3-2B7AEC0E759E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1821-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"564DB1E0-7FDA-4E6B-8ABF-4A7BDB07BABE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1831-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E218F9E1-8CB9-472D-815D-EAC68D1F5F9D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1833-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31498808-5603-43A2-B7F1-D6111F824F9B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir1835-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B112725-CB72-48FC-8C73-3FCFF7DADF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir8140h-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA64916D-3743-4A5F-9021-07EB0B352FF9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir8140h-p-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC6129CB-2C8F-4786-AE76-89C4866BE0E3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_ir8340-k9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C9D37A1-D1AA-45B7-861B-046863A67727\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-24t-con-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C98B90-69B3-4BDF-A569-4C102498BFAD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-24t-con-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7646B0A1-FDF5-4A60-A451-E84CE355302E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-24t-ncp-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA889066-14A8-4D88-9EFF-582FE1E65108\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-24t-ncp-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A0C09AE-CD2A-486A-82D4-2F26AA6B6B95\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-con-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF81CC0-AEED-42DE-B423-8F4E118680BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-con-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDAAFDF1-7A3C-475F-AE82-B3194939D401\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-ncp-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9566FC8C-0357-4780-976F-8A68E6A7D24A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ess-3300-ncp-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07503D21-965B-49F0-B8F2-B5ECD656F277\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...