Cisco has released security updates to address a dangerous vulnerability in the Cisco IOx application hosting environment that could be used for command injection.

Vulnerability CVE-2023-20076 (CVSS: 7.2) could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system.

The company says the vulnerability affects the following Cisco devices:

• IOS XE-based devices;
• 800 Series Industrial ISR routers;
• CGR1000 Compute Modules;
• IC3000 Industrial Compute Gateways;
• IR510 WPAN Industrial Routers;
• Cisco Catalyst Access Points (COS-AP).

Source: securitylab.ru