CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0239
https://notcve.org/view.php?id=CVE-2018-0239
A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. • http://www.securityfocus.com/bid/103923 http://www.securitytracker.com/id/1040720 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0224
https://notcve.org/view.php?id=CVE-2018-0224
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807. • http://www.securityfocus.com/bid/103344 http://www.securitytracker.com/id/1040466 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0122
https://notcve.org/view.php?id=CVE-2018-0122
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. • http://www.securityfocus.com/bid/103028 http://www.securitytracker.com/id/1040340 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 58EXPL: 0CVE-2017-6707
https://notcve.org/view.php?id=CVE-2017-6707
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930. Una vulnerabilidad en el código command-parsing de la CLI del sistema operativo StarOS de Cisco para dispositivos ASR 5000 Series versión 11.0 hasta 21.0, 5500 Series y 5700 Series de Cisco y el software Virtualized Packet Core (VPC) de Cisco, podría permitir a un atacante local autenticado interrumpir la CLI del StarOS de un sistema afectado y ejecutar comandos shell arbitrarios como usuario root de Linux en el sistema, también se conoce como Inyección de Comandos. • http://www.securityfocus.com/bid/99462 http://www.securitytracker.com/id/1038818 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3865
https://notcve.org/view.php?id=CVE-2017-3865
A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0. • http://www.securityfocus.com/bid/99218 http://www.securitytracker.com/id/1038748 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr •