CVE-2017-3819
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853.
Una vulnerabilidad de escalada de privilegios en el subsistema Secure Shell (SSH) en el sistema operativo StarOS para dispositivos Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series y Cisco Virtualized Packet Core podrían permitir a un atacante remoto autenticado obtener acceso no restringido al shell del root. La vulnerabilidad se debe a falta de validación de entrada de los parámetros pasados ??durante el inicio de sesión de SSH o SFTP. Un atacante podría explotar esta vulnerabilidad proporcionando una entrada de usuario manipulada a la interfaz de línea de comandos (CLI) de SSH o SFTP durante el inicio de sesión de SSH o SFTP. Una explotación podría permitir a un atacante autenticado obtener acceso privilegiado al root en el router. Nota: Sólo se puede utilizar tráfico dirigido al sistema afectado para explotar esta vulnerabilidad. Esta vulnerabilidad puede ser desencadenada a través de tráfico tanto IPv4 como IPv6. Se necesita una conexión TCP establecida hacia el puerto 22, el puerto por defecto SSH, para realizar el ataque. El atacante debe tener credenciales válidas para iniciar sesión en el sistema a través de SSH o SFTP. Se ha confirmado que los siguientes productos son vulnerables: los dispositivos Cisco ASR 5000/5500/5700 que ejecutan StarOS después de 17.7.0 y anteriores a 18.7.4, 19.5 y 20.2.3 con SSH configurados son vulnerables. Los dispositivos Cisco Virtualized Packet Core - Single Instance (VPC-SI) y Distributed Instrance (VPC-DI) que ejecutan StarOS en versiones anteriores a N4.2.7 (19.3.v7) y N4.7 (20.2.v0) con SSH configurado son vulnerables. ID de errores de Cisco: CSCva65853.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-21 CVE Reserved
- 2017-03-15 CVE Published
- 2023-05-11 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/96913 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038050 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.0.0 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.0.0.57828 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.0.0.57828" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.0.0.59167 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.0.0.59167" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.0.0.59211 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.0.0.59211" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.0.l0.59219 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.0.l0.59219" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.1.0 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.1.0.59776 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.1.0.59776" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.1.0.59780 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.1.0.59780" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.1_base Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.1_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.3.0 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.3_base Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.3_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 18.4.0 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "18.4.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 19.0.1 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "19.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 19.0.m0.60737 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "19.0.m0.60737" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 19.0.m0.60828 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "19.0.m0.60828" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 19.0.m0.61045 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "19.0.m0.61045" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 19.1.0 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "19.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 19.1.0.61559 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "19.1.0.61559" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 19.2.0 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "19.2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 19.3.0 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "19.3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asr 5000 Series Software Search vendor "Cisco" for product "Asr 5000 Series Software" | 20.0.0 Search vendor "Cisco" for product "Asr 5000 Series Software" and version "20.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Virtualized Packet Core Search vendor "Cisco" for product "Virtualized Packet Core" | v18.0_base Search vendor "Cisco" for product "Virtualized Packet Core" and version "v18.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Virtualized Packet Core Search vendor "Cisco" for product "Virtualized Packet Core" | v19.0_base Search vendor "Cisco" for product "Virtualized Packet Core" and version "v19.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Virtualized Packet Core Search vendor "Cisco" for product "Virtualized Packet Core" | v20.0_base Search vendor "Cisco" for product "Virtualized Packet Core" and version "v20.0_base" | - |
Affected
| ||||||