cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-3233,https://securityvulnerability.io/vulnerability/CVE-2020-3233,Cisco IOx Application Framework Local Manager Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have valid Local Manager credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based Local Manager interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a system settings tab. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.",Cisco,Cisco Iox,6.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2020-3237,https://securityvulnerability.io/vulnerability/CVE-2020-3237,Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability,"A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.",Cisco,Cisco Iox,6.3,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2020-3238,https://securityvulnerability.io/vulnerability/CVE-2020-3238,Cisco IOx Application Framework Arbitrary File Creation Vulnerability,"A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx.",Cisco,Cisco Iox,8.1,HIGH,0.001129999989643693,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2017-3853,https://securityvulnerability.io/vulnerability/CVE-2017-3853,,"A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330.",Cisco,Cisco Iox,9.8,CRITICAL,0.011470000259578228,false,,false,false,false,,,false,false,,2017-03-22T19:00:00.000Z,0
CVE-2017-3805,https://securityvulnerability.io/vulnerability/CVE-2017-3805,,"A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0).",Cisco,Cisco iOS And Cisco Iox,5.3,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2017-01-26T07:45:00.000Z,0
CVE-2016-9199,https://securityvulnerability.io/vulnerability/CVE-2016-9199,,"A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0.",Cisco,Cisco Iox,6.5,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2016-12-14T00:37:00.000Z,0