cisco-sa-caf-file-mVnPqKW9: Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
First published: Wed Jun 03 2020(Updated: )
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-file-mVnPqKW9
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco platform | =IR510 WPAN Industrial Routers<IR510 Operating System Release 6.1.27=IOS XE devices:<Cisco IOS XE Software Release 17.2(1)>=IC3000 Industrial Compute Gateway<=IE 4000 Series Switches<Cisco IOS Software Release 15.2.(7a)E0b=CGR1000 Compute Module<IOx image for CGR1000 Release 1.10.0.6=800 Series ISRs<Not fixed; IOx has reached end of life on the Cisco 800 Series ISRs.=800 Series Industrial ISRs<Cisco IOS Software Release 15.9(3)M | IR510 Operating System Release 6.1.27 Cisco IOS XE Software Release 17.2(1) Cisco IOS Software Release 15.2.(7a)E0b IOx image for CGR1000 Release 1.10.0.6 Not fixed; IOx has reached end of life on the Cisco 800 Series ISRs. Cisco IOS Software Release 15.9(3)M |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Cisco IOx vulnerability?
The vulnerability ID is cisco-sa-caf-file-mVnPqKW9.
What is the severity level of cisco-sa-caf-file-mVnPqKW9 vulnerability?
The severity level of cisco-sa-caf-file-mVnPqKW9 vulnerability is medium.
How does the cisco-sa-caf-file-mVnPqKW9 vulnerability affect Cisco devices?
The cisco-sa-caf-file-mVnPqKW9 vulnerability allows an authenticated, local attacker to overwrite arbitrary files in the virtual instance running on the affected device.
Which Cisco devices are affected by the cisco-sa-caf-file-mVnPqKW9 vulnerability?
The following Cisco devices are affected by the cisco-sa-caf-file-mVnPqKW9 vulnerability: IR510 Operating System Release 6.1.27, Cisco IOS XE Software Release 17.2(1), Cisco IOS Software Release 15.2.(7a)E0b, IOx image for CGR1000 Release 1.10.0.6, Not fixed; IOx has reached end of life on the Cisco 800 Series ISRs, Cisco IOS Software Release 15.9(3)M.
Is there a fix available for the cisco-sa-caf-file-mVnPqKW9 vulnerability?
No, there is no fix available for the cisco-sa-caf-file-mVnPqKW9 vulnerability as IOx has reached end of life on the Cisco 800 Series ISRs.
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco platform
- version/cisco platform/ir510 wpan industrial routers
- version/cisco platform/ios xe devices:
- version/cisco platform/ic3000 industrial compute gateway
- version/cisco platform/ie 4000 series switches
- version/cisco platform/cgr1000 compute module
- version/cisco platform/800 series isrs
- version/cisco platform/800 series industrial isrs