CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-1540 – Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1540
04 Jun 2021 — Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el proceso de autorización de Cisco ASR 5000 Series Software (StarOS), podría permitir a un atacante remoto autenticado omitir la autorización y ejecutar un subcon... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-1539 – Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1539
04 Jun 2021 — Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el proceso de autorización de Cisco ASR 5000 Series Software (StarOS), podría permitir a un atacante remoto autenticado omitir la autorización y ejecutar un subcon... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n • CWE-863: Incorrect Authorization •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-1353 – Cisco StarOS IPv4 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1353
20 Jan 2021 — A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, lead... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3500 – Cisco StarOS IPv6 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3500
17 Aug 2020 — A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-6678
https://notcve.org/view.php?id=CVE-2017-6678
26 Jun 2017 — A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to t... • http://www.securityfocus.com/bid/99195 • CWE-399: Resource Management Errors CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.0EPSS: 0%CPEs: 24EXPL: 0CVE-2017-3819 – Cisco Security Advisory 20170315-asr
https://notcve.org/view.php?id=CVE-2017-3819
15 Mar 2017 — A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface... • http://www.securityfocus.com/bid/96913 • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6466
https://notcve.org/view.php?id=CVE-2016-6466
19 Nov 2016 — A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Kno... • http://www.securityfocus.com/bid/94361 • CWE-399: Resource Management Errors •