Rewterz Threat Advisory – CVE-2023-20856 – VMware vRealize Operations (vROps) Vulnerability
February 2, 2023Rewterz Threat Alert – RedLine Stealer – Active IOCs
February 2, 2023Rewterz Threat Advisory – CVE-2023-20856 – VMware vRealize Operations (vROps) Vulnerability
February 2, 2023Rewterz Threat Alert – RedLine Stealer – Active IOCs
February 2, 2023Severity
High
Analysis Summary
CVE-2023-20076
Cisco IOS XE Software could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by incomplete sanitization of parameters passed in for activation of an application. By using a specially-crafted activation payload file, an attacker could exploit this vulnerability to execute arbitrary commands as root on the underlying host operating system.
Impact
- Command Execution
Indicators Of Compromise
CVE
- CVE-2023-20076
Affected Vendors
Cisco
Affected Products
- Cisco IOS XE SoftwareCisco IC3000 Industrial Compute Gateway
- Cisco 800 Series Industrial ISRsCisco Catalyst Access Points (COS-APs)
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.