4 results (0.019 seconds)

CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927. Una vulnerabilidad en el nodo de soporte del gateway GPRS (GGSN) de ASR 5000 Series Aggregation Services Routers versión 17.3.9.62033 hasta 21.1.2 de Cisco, podría permitir a un atacante remoto no autenticado redireccionar el tráfico HTTP enviado hacia un dispositivo afectado. Más información: CSCvc67927. • http://www.securityfocus.com/bid/99920 http://www.securitytracker.com/id/1038961 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 0%CPEs: 24EXPL: 0

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. • http://www.securityfocus.com/bid/96913 http://www.securitytracker.com/id/1038050 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. La implementación de SSH en Cisco StarOS en versiones anteriores a 19.3.M0.62771 y 20.x en versiones anteriores a 20.0.M0.62768 en dispositivos ASR 5000 no maneja correctamente una configuración de autenticación de clave pública multi usuario, lo que permite a usuarios remotos autenticados obtener privilegios estableciendo una conexión desde un dispositivo final que fue previamente utilizado para la conexión de un administrador, también conocida como Bug ID CSCux22492. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr http://www.securitytracker.com/id/1035062 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. Vulnerabilidad en los dispositvos Cisco ASR 5000 con software 19.0.M0.60828 permite a atacantes remotos causar una denegación de servicio (reinicio del proceso OSPF) a través de campos de longitud manipulados en las cabeceras de los paquetes OSPF, también conocido como Bug ID CSCuv62820. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40585 http://www.securitytracker.com/id/1033355 • CWE-20: Improper Input Validation •