5 results (0.011 seconds)

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. • http://www.securityfocus.com/bid/100376 http://www.securitytracker.com/id/1039181 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. • http://www.securityfocus.com/bid/100386 http://www.securitytracker.com/id/1039182 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. • http://www.securityfocus.com/bid/100381 http://www.securitytracker.com/id/1039183 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3 •

CVSS: 7.5EPSS: 0%CPEs: 53EXPL: 0

A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0. • http://www.securityfocus.com/bid/100015 http://www.securitytracker.com/id/1038819 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-staros •

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. Una vulnerabilidad en la operación de comprobación de archivos de Enrutadores ASR 5000 Series Aggregated Services de Cisco, que ejecutan el sistema operativo StarOS de Cisco, podría permitir a un atacante remoto autenticado sobrescribir o modificar los archivos arbitrarios en un sistema afectado. • http://www.securityfocus.com/bid/98998 http://www.securitytracker.com/id/1038634 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros • CWE-20: Improper Input Validation •