CVSS: 5.5EPSS: 1%CPEs: 278EXPL: 0CVE-2022-20725 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20725
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 0CVE-2019-12656 – Cisco IOx Application Environment Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12656
25 Sep 2019 — A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web s... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox • CWE-20: Improper Input Validation •