How severe is CVE-2023-20076?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-20076?

This is classified as CWE-233, which is a common weakness in software security.

CVE-2023-20076 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

Related Vulnerabilities

CVE-2021-0269

HIGH

CVSS:8.8(High)

The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authe...

CWE-2332021

CVE-2024-31808

HIGH

CVSS:8.8(High)

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

CWE-2332024

CVE-2022-45182

CRITICAL

CVSS:9.8(Critical)

Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.

CWE-2332022

CVE-2021-1230

HIGH

CVSS:7.5(High)

A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to c...

CWE-2332021

CVE-2022-22792

HIGH

CVSS:7.5(High)

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handl...

CWE-2332022

CVE-2022-32261

HIGH

CVSS:7.5(High)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add i...

CWE-2332022