CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2018-0217
https://notcve.org/view.php?id=CVE-2018-0217
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. • http://www.securityfocus.com/bid/103346 http://www.securitytracker.com/id/1040466 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 10EXPL: 0CVE-2018-0117
https://notcve.org/view.php?id=CVE-2018-0117
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. • http://www.securityfocus.com/bid/102970 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-vpcdi • CWE-20: Improper Input Validation •