Page 3 of 25 results (0.004 seconds)

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

08 Mar 2018 — A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A suc... • http://www.securityfocus.com/bid/103344 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0

08 Feb 2018 — A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A suc... • http://www.securityfocus.com/bid/103028 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

18 Jan 2018 — A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root p... • http://www.securityfocus.com/bid/102788 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

01 May 2015 — The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217. El servicio de la gestión de sesiones en Cisco StarOS 12.0, 12.2(300), 14.0, y 14.0(600) en los dispositivos ASR 5000 permite a atacantes remotos causar una denegación de servicio (recarga de servicio y perdida de paquete) a través de paquetes HTTP malformados, también cono... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38580 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

29 Apr 2015 — The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. El servicio hamgr en la implementación IPv6 Proxy Mobile (PM) en Cisco StarOS 18.1.0.59776 en los dispositivos ASR 5000 permite a atacantes remotos causar una denegación de servicio (recarga de servicio e interrupción del procesamiento de llamadas) a tra... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38557 • CWE-399: Resource Management Errors •