CVE-2023-20235

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.
This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.

Una vulnerabilidad en la función de flujo de trabajo de desarrollo de aplicaciones en el dispositivo para la infraestructura de alojamiento de aplicaciones Cisco IOx en el software Cisco IOS XE podría permitir que un atacante remoto autenticado acceda al sistema operativo subyacente como usuario root. Esta vulnerabilidad existe porque los contenedores Docker con la opción de tiempo de ejecución privilegiado no se bloquean cuando están en modo de desarrollo de aplicaciones. Un atacante podría aprovechar esta vulnerabilidad utilizando la CLI de Docker para acceder a un dispositivo afectado. El flujo de trabajo de desarrollo de aplicaciones está destinado a usarse únicamente en sistemas de desarrollo y no en sistemas de producción.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-27 CVE Reserved
2023-10-04 CVE Published
2024-08-02 CVE Updated
2024-09-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management
CWE-552: Files or Directories Accessible to External Parties

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ie3200 Rugged Switch Search vendor "Cisco" for product "Catalyst Ie3200 Rugged Switch"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ie3300 Rugged Switch Search vendor "Cisco" for product "Catalyst Ie3300 Rugged Switch"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ie3400 Rugged Switch Search vendor "Cisco" for product "Catalyst Ie3400 Rugged Switch"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ir1101 Search vendor "Cisco" for product "Catalyst Ir1101"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ir1821-k9 Search vendor "Cisco" for product "Catalyst Ir1821-k9"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ir1831-k9 Search vendor "Cisco" for product "Catalyst Ir1831-k9"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ir1833-k9 Search vendor "Cisco" for product "Catalyst Ir1833-k9"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ir1835-k9 Search vendor "Cisco" for product "Catalyst Ir1835-k9"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ir8140h-k9 Search vendor "Cisco" for product "Catalyst Ir8140h-k9"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ir8140h-p-k9 Search vendor "Cisco" for product "Catalyst Ir8140h-p-k9"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Ir8340-k9 Search vendor "Cisco" for product "Catalyst Ir8340-k9"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Ess-3300-24t-con-a Search vendor "Cisco" for product "Ess-3300-24t-con-a"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Ess-3300-24t-con-e Search vendor "Cisco" for product "Ess-3300-24t-con-e"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Ess-3300-24t-ncp-a Search vendor "Cisco" for product "Ess-3300-24t-ncp-a"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Ess-3300-24t-ncp-e Search vendor "Cisco" for product "Ess-3300-24t-ncp-e"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Ess-3300-con-a Search vendor "Cisco" for product "Ess-3300-con-a"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Ess-3300-con-e Search vendor "Cisco" for product "Ess-3300-con-e"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Ess-3300-ncp-a Search vendor "Cisco" for product "Ess-3300-ncp-a"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xe Search vendor "Cisco" for product "Ios Xe"	< 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version " < 17.3.1"	-	Affected	in	Cisco Search vendor "Cisco"	Ess-3300-ncp-e Search vendor "Cisco" for product "Ess-3300-ncp-e"	-	-	Safe