Unrated severityNVD Advisory· Published Oct 4, 2023· Updated Feb 25, 2026
CVE-2023-20235
CVE-2023-20235
Description
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 17.3.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.