CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.

Severity	MEDIUM
CVSS	6.5
CWE	CWE-552
KEV	No
Published	2 years ago
Modified	1 year ago

Related Products

Product	Advisory	Evidence
Cisco IOS	cisco-sa-rdocker-uATbukKn	Cisco OpenVuln
Cisco IOx	cisco-sa-rdocker-uATbukKn	Cisco OpenVuln
Cisco IOS XE Software	cisco-sa-rdocker-uATbukKn	Cisco OpenVuln
Cisco Catalyst 9600 Series Switches	cisco-sa-rdocker-uATbukKn	Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches	cisco-sa-rdocker-uATbukKn	Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches	cisco-sa-rdocker-uATbukKn	Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches	cisco-sa-rdocker-uATbukKn	Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches	cisco-sa-rdocker-uATbukKn	Cisco OpenVuln · software-dependent