CVE-2018-0224
https://notcve.org/view.php?id=CVE-2018-0224
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807. • http://www.securityfocus.com/bid/103344 http://www.securitytracker.com/id/1040466 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-0122
https://notcve.org/view.php?id=CVE-2018-0122
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. • http://www.securityfocus.com/bid/103028 http://www.securitytracker.com/id/1040340 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-0115
https://notcve.org/view.php?id=CVE-2018-0115
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. • http://www.securityfocus.com/bid/102788 http://www.securitytracker.com/id/1040239 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2015-0712
https://notcve.org/view.php?id=CVE-2015-0712
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217. El servicio de la gestión de sesiones en Cisco StarOS 12.0, 12.2(300), 14.0, y 14.0(600) en los dispositivos ASR 5000 permite a atacantes remotos causar una denegación de servicio (recarga de servicio y perdida de paquete) a través de paquetes HTTP malformados, también conocido como Bug ID CSCud14217. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38580 http://www.securitytracker.com/id/1032219 • CWE-399: Resource Management Errors •
CVE-2015-0711
https://notcve.org/view.php?id=CVE-2015-0711
The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. El servicio hamgr en la implementación IPv6 Proxy Mobile (PM) en Cisco StarOS 18.1.0.59776 en los dispositivos ASR 5000 permite a atacantes remotos causar una denegación de servicio (recarga de servicio e interrupción del procesamiento de llamadas) a través de paquetes PM malformados, también conocido como Bug ID CSCut94711. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38557 http://www.securitytracker.com/id/1032213 • CWE-399: Resource Management Errors •