CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6773
https://notcve.org/view.php?id=CVE-2017-6773
17 Aug 2017 — A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the u... • http://www.securityfocus.com/bid/100376 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6774
https://notcve.org/view.php?id=CVE-2017-6774
17 Aug 2017 — A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug... • http://www.securityfocus.com/bid/100386 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2017-6612
https://notcve.org/view.php?id=CVE-2017-6612
25 Jul 2017 — A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927. Una vulnerabilidad en el nodo de soporte del gateway GPRS (GGSN) de ASR 5000 Series Aggregation Services Routers versión 17.3.9.62033 hasta 21.1.2 de Cisco, podría permitir a un atacante remoto no autenticado redireccionar el tráfico HTTP envi... • http://www.securityfocus.com/bid/99920 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2017-6672
https://notcve.org/view.php?id=CVE-2017-6672
25 Jul 2017 — A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870. Una vulnerabilidad en ciertos mecanismos de filtrado de listas de control de acceso (ACL) para ASR 5000 Series Aggrega... • http://www.securityfocus.com/bid/99921 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 53EXPL: 0CVE-2017-6729
https://notcve.org/view.php?id=CVE-2017-6729
10 Jul 2017 — A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Seri... • http://www.securityfocus.com/bid/100015 •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6690
https://notcve.org/view.php?id=CVE-2017-6690
13 Jun 2017 — A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. Una vulnerabilidad en la operaci... • http://www.securityfocus.com/bid/98998 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 24EXPL: 0CVE-2017-3819 – Cisco Security Advisory 20170315-asr
https://notcve.org/view.php?id=CVE-2017-3819
15 Mar 2017 — A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface... • http://www.securityfocus.com/bid/96913 • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-9216
https://notcve.org/view.php?id=CVE-2016-9216
26 Jan 2017 — An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.6... • http://www.securityfocus.com/bid/95629 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2016-6467
https://notcve.org/view.php?id=CVE-2016-6467
14 Dec 2016 — A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. Una vulnerabilidad en el reensamblaje... • http://www.securityfocus.com/bid/94772 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2016-9203
https://notcve.org/view.php?id=CVE-2016-9203
14 Dec 2016 — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2.3 20.2.3.65026. Known Fixed Releases: 21.1.M0.65431 21.1.PP0.65733 21.1.R0.65467 21.1.R0.65496 21.1.VC0.65434 21.1.VC0.65489 21.2.A0.65437. Una vulnerabilidad en la característica Internet Key Exchange Version 2 (IKEv2) de Cisco ASR 5000 Series Software po... • http://www.securityfocus.com/bid/94790 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •