Vulnerabilites related to cisco - asr_5000_software
Vulnerability from fkie_nvd
Published
2016-06-23 00:59
Modified
2024-11-21 02:46
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asrVendor Advisory
psirt@cisco.comhttp://www.securitytracker.com/id/1036152
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asrVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036152
Impacted products
Vendor Product Version
cisco asr_5000_software 17.2.0
cisco asr_5000_software 17.2.0.59184
cisco asr_5000_software 17.3.1
cisco asr_5000_software 17.7.0
cisco asr_5000_software 18.0.0
cisco asr_5000_software 18.0.0.57828
cisco asr_5000_software 18.0.0.59167
cisco asr_5000_software 18.0.0.59211
cisco asr_5000_software 18.0.l0.59219
cisco asr_5000_software 18.1.0
cisco asr_5000_software 18.1.0.59776
cisco asr_5000_software 18.1.0.59780
cisco asr_5000_software 18.1_base
cisco asr_5000_software 18.4.0
cisco asr_5000_software 19.0.1
cisco asr_5000_software 19.0.m0.60737
cisco asr_5000_software 19.0.m0.60828
cisco asr_5000_software 19.0.m0.61045
cisco asr_5000_software 19.1.0
cisco asr_5000_software 19.1.0.61559
cisco asr_5000_software 19.2.0
cisco asr_5000_software 19.3.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1AAF0E-D72B-4F76-BDEE-F4A5D52827BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.2.0.59184:*:*:*:*:*:*:*",
              "matchCriteriaId": "6564BD37-C0DC-4804-B892-ACDC40ABA30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0798EBF4-3F40-4BF4-B1B0-E8DB62CD0752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAD7B1D-F05F-4C7A-A9C7-D7F3AA268BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5F3E18-1B7C-42F8-8663-AAC6AE299BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.57828:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF930785-B365-4D87-BBDD-F1DD7E84F713",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.59167:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FDB9CE-8282-44CC-87D4-970463868E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.59211:*:*:*:*:*:*:*",
              "matchCriteriaId": "423FC5E3-2B6A-468A-B3C0-BA15C7ED989B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.l0.59219:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EAE388B-88F8-480B-8580-B64C9DD1E62B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B14A1C6-B14A-453C-9368-A05D56F83100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.1.0.59776:*:*:*:*:*:*:*",
              "matchCriteriaId": "336BDB6D-0386-4668-BB27-6279172CB782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.1.0.59780:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D23DD3-EF51-49B8-8E2A-95D11BCC3901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FAB6518-33BF-40A7-8179-CD84A78CBF3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4CCB5CA-CB83-4900-8AC3-43355DA36A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D300F74-79BD-4054-90F3-22FCD3E1FDA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60737:*:*:*:*:*:*:*",
              "matchCriteriaId": "367EE318-4040-42C7-831C-747A71B7545C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60828:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E59FC3-EC5C-43E9-8444-2CC1ADC052DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.61045:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF555599-94A2-4E5A-A487-75D67297BC2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D26DF95-B1FB-4720-BAE0-33698CD5EB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.1.0.61559:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EAC723-2922-40C2-8B5A-56B51B33DCE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6188B2-D27E-4FBE-B5C3-BC439D5CC405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87A4BA17-D3C2-4CB0-A1CA-F40D63A022FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n General Packet Radio Switching Tunneling Protocol 1 (tambi\u00e9n conocido como GTPv1) en dispositivos Cisco ASR 5000 Packet Data Network Gateway en versiones anteriores a 19.4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del proceso del Administrador de sesi\u00f3n) a trav\u00e9s de un paquete GTPv1 manipulado, tambi\u00e9n conocido como Bug ID CSCuz46198."
    }
  ],
  "id": "CVE-2016-1436",
  "lastModified": "2024-11-21T02:46:26.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-23T00:59:05.177",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asr"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036152"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-17 20:29
Modified
2024-11-21 03:30
Severity ?
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/100376Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1039181Third Party Advisory, VDB Entry
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100376Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039181Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1Vendor Advisory
Impacted products
Vendor Product Version
cisco asr_5000_software 21.0.v0.65839


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*",
              "matchCriteriaId": "1206A9D2-0AA2-4F7A-9AE8-D0BAC299DA9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el CLI de Cisco ASR 5000 Series Aggregated Services Routers ejecutando el sistema operativo Cisco StarOS podr\u00eda permitir que un atacante local autenticado omita las restricciones de CLI y ejecute comandos en el sistema operativo subyacente. Esta vulnerabilidad se debe a la insuficiente sanitizaci\u00f3n de las entradas proporcionadas por el usuario en el CLI. Un atacante podr\u00eda explotar esta vulnerabilidad creando un script en el dispositivo que les permitir\u00e1 omitir las restricciones incorporadas. Un exploit podr\u00eda permitir que el usuario sin autorizaci\u00f3n lance el CLI directamente desde una consola de comandos. Cisco Bug IDs: CSCvd47722. Versiones afectadas conocidas: 21.0.v0.65839."
    }
  ],
  "id": "CVE-2017-6773",
  "lastModified": "2024-11-21T03:30:29.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-17T20:29:00.527",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100376"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039181"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-16 01:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asrVendor Advisory
psirt@cisco.comhttp://www.securitytracker.com/id/1033792Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asrVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033792Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco asr_5000_software 18.0.0.57828
cisco asr_5000_software 19.0.m0.61045


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.0.0.57828:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE69A4E1-0E64-4C80-83B9-2595AD786628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.0.m0.61045:*:*:*:*:*:*:*",
              "matchCriteriaId": "E331E868-4E6C-4AD8-9ECE-346C6901816A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984."
    },
    {
      "lang": "es",
      "value": "Dispositivos Cisco ASR 5000 y 5500 con software 18.0.0.57828 y 19.0.M0.61045 permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del proceso vpnmgr) a trav\u00e9s de una cabecera manipulada en un paquete TACACS, tambi\u00e9n conocido como Bug ID CSCuw01984."
    }
  ],
  "id": "CVE-2015-6334",
  "lastModified": "2024-11-21T02:34:48.563",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-16T01:59:08.153",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033792"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-11-03 21:59
Modified
2024-11-21 02:56
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/94071
psirt@cisco.comhttp://www.securitytracker.com/id/1037186
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asrVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94071
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037186
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asrVendor Advisory
Impacted products
Vendor Product Version
cisco asr_5000_software 18.0.0
cisco asr_5000_software 18.0.0.57828
cisco asr_5000_software 18.0.0.59167
cisco asr_5000_software 18.0.0.59211
cisco asr_5000_software 18.0.l0.59219
cisco asr_5000_software 18.1.0
cisco asr_5000_software 18.1.0.59776
cisco asr_5000_software 18.1.0.59780
cisco asr_5000_software 18.1_base
cisco asr_5000_software 18.3.0
cisco asr_5000_software 18.3_base
cisco asr_5000_software 18.4.0
cisco asr_5000_software 19.0.1
cisco asr_5000_software 19.0.m0.60737
cisco asr_5000_software 19.0.m0.60828
cisco asr_5000_software 19.0.m0.61045
cisco asr_5000_software 19.1.0
cisco asr_5000_software 19.1.0.61559
cisco asr_5000_software 19.2.0
cisco asr_5000_software 19.3.0
cisco asr_5000_software 20.0.0
cisco asr_5500 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA3A1A8-8887-425E-B69E-54C7541087B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.0.0.57828:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE69A4E1-0E64-4C80-83B9-2595AD786628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.0.0.59167:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EA80B89-0EF8-4CD6-AFE8-ECEED1EC4CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.0.0.59211:*:*:*:*:*:*:*",
              "matchCriteriaId": "15DC3259-D652-48D4-B702-876A0118678F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.0.l0.59219:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CAB002D-F6FC-4CF6-BAC8-D004196FE8EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9391685F-D6CB-4C0C-AA05-B18FDC72956F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.1.0.59776:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8324B02-1572-4AF2-8ECC-4EF0A4F7E54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.1.0.59780:*:*:*:*:*:*:*",
              "matchCriteriaId": "252F8DBD-D534-42DD-8453-5347FF7A4C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "3623A408-299E-4044-B64A-F250AFDFE1E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCDC5CFA-9557-4EC0-815B-E9357469A77C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.3_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "E527CF15-AEF3-4D9C-840D-77E7126FA2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:18.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C64A96-25D5-4D54-9C2C-EBD1DEE1D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "903698E4-09B3-4D2D-B32B-BBC93BA9D112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.0.m0.60737:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC868B9-5620-4C27-BE41-1159BAB9A588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.0.m0.60828:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E781AA0-392F-41C1-960D-E07981B34CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.0.m0.61045:*:*:*:*:*:*:*",
              "matchCriteriaId": "E331E868-4E6C-4AD8-9ECE-346C6901816A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "393BD120-C307-49C2-92FB-64383F79EA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.1.0.61559:*:*:*:*:*:*:*",
              "matchCriteriaId": "430419D4-5184-48CC-8DDB-2E1BDDCAE9E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "322B6E97-DF1F-45D3-8935-2FF982E19EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:19.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E5CBAC-6114-4D07-ADBB-50C7741876D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asr_5000_software:20.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "19EAF4FE-F46A-4801-B7C1-F1372107A5A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el Slowpath de StarOS para routers Cisco ASR 5500 Series con Data Processing Card 2 (DPC2) podr\u00edan permitir a un atacante remoto no autenticado provocar a un subconjunto de las sesiones de suscripci\u00f3n para ser desconectadas, resultando en una condici\u00f3n parcial de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad afecta a dispositivos Cisco ASR 5500 con Data Processing Card 2 (DPC2) ejecutando StarOS 18.0 o versiones posteriores. M\u00e1s informaci\u00f3n: CSCvb12081. Lanzamientos afectados conocidos: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Lanzamientos conocidos solucionados: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147."
    }
  ],
  "id": "CVE-2016-6455",
  "lastModified": "2024-11-21T02:56:10.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-03T21:59:10.967",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/94071"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1037186"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-17 20:29
Modified
2024-11-21 03:30
Severity ?
5.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Summary
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/100381Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1039183Third Party Advisory, VDB Entry
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100381Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039183Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3Vendor Advisory
Impacted products
Vendor Product Version
cisco asr_5000_software 21.0.v0.65839


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*",
              "matchCriteriaId": "1206A9D2-0AA2-4F7A-9AE8-D0BAC299DA9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el CLI de Cisco ASR 5000 Series Aggregated Services Routers ejecutando el sistema operativo Cisco StarOS podr\u00eda permitir que un atacante local autenticado eleve sus privilegios hasta el nivel de administrador. Esta vulnerabilidad se debe a permisos incorrectos que son entregados a un conjunto de usuarios. Un atacante podr\u00eda explotar esta vulnerabilidad iniciando sesi\u00f3n en la shell de un dispositivo afectado y elevando sus privilegios modificando variables de entorno. Un exploit podr\u00eda permitir que el atacante obtenga privilegios de nivel administrativo y obtenga el control del dispositivo afectado. Cisco Bug IDs: CSCvd47741. Versiones afectadas conocidas: 21.0.v0.65839."
    }
  ],
  "id": "CVE-2017-6775",
  "lastModified": "2024-11-21T03:30:30.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 3.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-17T20:29:00.590",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100381"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039183"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-07-15 16:59
Modified
2024-11-21 02:46
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asrVendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/91756
psirt@cisco.comhttp://www.securitytracker.com/id/1036298
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asrVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91756
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036298
Impacted products
Vendor Product Version
cisco asr_5000 -
cisco asr_5000_software 18.3.0
cisco asr_5000_software 18.3_base
cisco asr_5000_software 19.0.1
cisco asr_5000_software 19.0.m0.60737
cisco asr_5000_software 19.0.m0.60828
cisco asr_5000_software 19.0.m0.61045
cisco asr_5000_software 19.1.0
cisco asr_5000_software 19.1.0.61559
cisco asr_5000_software 19.2.0
cisco asr_5000_software 19.3.0
cisco asr_5000_software 20.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF3BDCAA-9E20-4DD6-A6FD-29E3FE79E98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.3_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B1C78C-5349-4D4F-B3D1-DB76D432C520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D300F74-79BD-4054-90F3-22FCD3E1FDA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60737:*:*:*:*:*:*:*",
              "matchCriteriaId": "367EE318-4040-42C7-831C-747A71B7545C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60828:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E59FC3-EC5C-43E9-8444-2CC1ADC052DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.61045:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF555599-94A2-4E5A-A487-75D67297BC2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D26DF95-B1FB-4720-BAE0-33698CD5EB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.1.0.61559:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EAC723-2922-40C2-8B5A-56B51B33DCE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6188B2-D27E-4FBE-B5C3-BC439D5CC405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87A4BA17-D3C2-4CB0-A1CA-F40D63A022FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDD3C35D-0CDD-4E67-99CC-1A7CB0C5042F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526."
    },
    {
      "lang": "es",
      "value": "Dispositivos Cisco ASR 5000 con software 18.3 hasta la versi\u00f3n 20.0.0 permiten a atacantes remotos realizar cambios de configuraci\u00f3n sobre SNMP aprovechando los conocimientos de la comunidad de lectura y escritura, tambi\u00e9n conocido como Bug ID CSCuz29526."
    }
  ],
  "id": "CVE-2016-1452",
  "lastModified": "2024-11-21T02:46:28.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-15T16:59:06.207",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/91756"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036298"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-10 20:29
Modified
2024-11-21 03:30
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/100015Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1038819Third Party Advisory, VDB Entry
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-starosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100015Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038819Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-starosVendor Advisory
Impacted products
Vendor Product Version
cisco asr_5000_software 16.4.1
cisco asr_5000_software 16.5.0
cisco asr_5000_software 16.5.2
cisco asr_5000_software 17.2.0
cisco asr_5000_software 17.2.0.59184
cisco asr_5000_software 17.3.0
cisco asr_5000_software 17.3.1
cisco asr_5000_software 17.3.9.62033
cisco asr_5000_software 17.3_base
cisco asr_5000_software 17.7.0
cisco asr_5000_software 17.7.5
cisco asr_5000_software 18.0.0
cisco asr_5000_software 18.0.0.57828
cisco asr_5000_software 18.0.0.59167
cisco asr_5000_software 18.0.0.59211
cisco asr_5000_software 18.0.l0.59219
cisco asr_5000_software 18.1.0
cisco asr_5000_software 18.1.0.59776
cisco asr_5000_software 18.1.0.59780
cisco asr_5000_software 18.1_base
cisco asr_5000_software 18.3.0
cisco asr_5000_software 18.3_base
cisco asr_5000_software 18.4.0
cisco asr_5000_software 19.0.1
cisco asr_5000_software 19.0.m0.60737
cisco asr_5000_software 19.0.m0.60828
cisco asr_5000_software 19.0.m0.61045
cisco asr_5000_software 19.1.0
cisco asr_5000_software 19.1.0.61559
cisco asr_5000_software 19.2.0
cisco asr_5000_software 19.3.0
cisco asr_5000_software 19.6.3
cisco asr_5000_software 19.6_base
cisco asr_5000_software 20.0.0
cisco asr_5000_software 20.0.1.0
cisco asr_5000_software 20.0.1.a0
cisco asr_5000_software 20.0.1.v0
cisco asr_5000_software 20.0.2.3
cisco asr_5000_software 20.0.2.3.65026
cisco asr_5000_software 20.0.2.v1
cisco asr_5000_software 20.0.m0.62842
cisco asr_5000_software 20.0.m0.63229
cisco asr_5000_software 20.0.v0
cisco asr_5000_software 20.1.v2
cisco asr_5000_software 20.1_base
cisco asr_5000_software 20.2.12
cisco asr_5000_software 20.2_base
cisco asr_5000_software 21.0.0
cisco asr_5000_software 21.0.v1
cisco asr_5000_software 21.0_base
cisco asr_5000_software 21.0_m0.64246
cisco asr_5000_software 21.0_m0.64702
cisco asr_5000 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:16.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7328828D-C398-445D-9D39-151ACBC64092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:16.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A03BA11-CE7E-4CE1-BA13-9F3DB66EF4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:16.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CF07C8-2BB2-4C87-9B53-1F5FD6B166AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1AAF0E-D72B-4F76-BDEE-F4A5D52827BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.2.0.59184:*:*:*:*:*:*:*",
              "matchCriteriaId": "6564BD37-C0DC-4804-B892-ACDC40ABA30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF91C11-C7BD-48CC-89B1-743B74B993B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0798EBF4-3F40-4BF4-B1B0-E8DB62CD0752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.3.9.62033:*:*:*:*:*:*:*",
              "matchCriteriaId": "B511EAC1-E9DA-4E11-8BFE-02AFC55A5A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.3_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3CE2F2-C090-4399-B76E-A9F49A629C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAD7B1D-F05F-4C7A-A9C7-D7F3AA268BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:17.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "39EF2980-0D33-4EC9-A8C9-1E0DC03B494C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5F3E18-1B7C-42F8-8663-AAC6AE299BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.57828:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF930785-B365-4D87-BBDD-F1DD7E84F713",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.59167:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FDB9CE-8282-44CC-87D4-970463868E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.59211:*:*:*:*:*:*:*",
              "matchCriteriaId": "423FC5E3-2B6A-468A-B3C0-BA15C7ED989B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.0.l0.59219:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EAE388B-88F8-480B-8580-B64C9DD1E62B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B14A1C6-B14A-453C-9368-A05D56F83100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.1.0.59776:*:*:*:*:*:*:*",
              "matchCriteriaId": "336BDB6D-0386-4668-BB27-6279172CB782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.1.0.59780:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D23DD3-EF51-49B8-8E2A-95D11BCC3901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FAB6518-33BF-40A7-8179-CD84A78CBF3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF3BDCAA-9E20-4DD6-A6FD-29E3FE79E98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.3_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B1C78C-5349-4D4F-B3D1-DB76D432C520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:18.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4CCB5CA-CB83-4900-8AC3-43355DA36A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D300F74-79BD-4054-90F3-22FCD3E1FDA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60737:*:*:*:*:*:*:*",
              "matchCriteriaId": "367EE318-4040-42C7-831C-747A71B7545C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60828:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E59FC3-EC5C-43E9-8444-2CC1ADC052DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.61045:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF555599-94A2-4E5A-A487-75D67297BC2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D26DF95-B1FB-4720-BAE0-33698CD5EB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.1.0.61559:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EAC723-2922-40C2-8B5A-56B51B33DCE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6188B2-D27E-4FBE-B5C3-BC439D5CC405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87A4BA17-D3C2-4CB0-A1CA-F40D63A022FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB176F9B-DB94-48CB-B9CA-AD430389E291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.6_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "608F39FC-1972-4B9D-9533-B56227C09D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDD3C35D-0CDD-4E67-99CC-1A7CB0C5042F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "306E301C-B770-4D3A-8EF9-8A9082BC267E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.1.a0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA394A72-446F-4821-B449-4C5D532840AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.1.v0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90A76D-217A-4002-AA04-EE13C3695AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F2B8EF-2E7A-4125-80FF-D315A833597E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.2.3.65026:*:*:*:*:*:*:*",
              "matchCriteriaId": "C402E840-E6EB-407D-89F9-CA71002B163A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.2.v1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FA07D86-8F8D-4E98-B486-940A7B253427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.m0.62842:*:*:*:*:*:*:*",
              "matchCriteriaId": "4065C54C-C9E7-403F-A063-BE953D677686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.m0.63229:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB3F67C-1277-4523-9B0E-0AB9D62A32C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.0.v0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4459D79-0EF9-4267-8E2F-A3E0FCDC5689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.1.v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8746987C-A623-4770-95BC-0855CBE253B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "90596B64-BB15-4533-88B7-E1F695743596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5145A11F-A30B-4F26-9C2A-665752DA962E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:20.2_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42081F4-2724-4C85-9B6C-FB6E65A4BA57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68A8EDBF-CED2-4EE1-9FB8-0865796F969D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0.v1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65CF48A0-BE7D-43D1-A9B7-1D9A0CEA42C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "9529FCD0-C49B-4C21-972F-66C9E8744339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0_m0.64246:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5D474-B72D-4B66-B838-39E758963A2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0_m0.64702:*:*:*:*:*:*:*",
              "matchCriteriaId": "D54736D7-526F-439D-A0BF-C9D2D090F9D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad de procesamiento Border Gateway Protocol (BGP) del sistema operativo Cisco StarOS para Cisco ASR 5000 Series Router y el software Cisco Virtualized Packet Core (VPC), podr\u00eda permitir a un atacante remoto no autenticado causar la recarga del proceso BGP en un sistema afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad afecta a los productos siguientes si est\u00e1n ejecut\u00e1ndose en el sistema operativo Cisco StarOS y el BGP se habilita para el sistema: Cisco ASR 5000 Series Router y Cisco Virtualized Packet Core Software. M\u00e1s informaci\u00f3n: CSCvc44968. Versiones afectadas conocidas: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Versiones fijas conocidas: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.1.0."
    }
  ],
  "id": "CVE-2017-6729",
  "lastModified": "2024-11-21T03:30:23.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-10T20:29:00.547",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100015"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038819"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-staros"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-staros"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-30 10:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asrVendor Advisory
psirt@cisco.comhttp://www.securitytracker.com/id/1034024
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asrVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034024
Impacted products
Vendor Product Version
cisco asr_5000_software 19.1.0.61559
cisco asr_5000_software 19.2.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.1.0.61559:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EAC723-2922-40C2-8B5A-56B51B33DCE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6188B2-D27E-4FBE-B5C3-BC439D5CC405",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Cisco ASR 5500 System Architecture Evolution (SAE) Gateway con software 19.1.0.61559 y 19.2.0 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de proceso BGP) a trav\u00e9s de una cabecera manipulada en un paquete BGP, tambi\u00e9n conocida como Bug ID CSCuw65781."
    }
  ],
  "id": "CVE-2015-6351",
  "lastModified": "2024-11-21T02:34:50.157",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-30T10:59:09.527",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1034024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034024"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-13 06:29
Modified
2024-11-21 03:30
Severity ?
4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/98998Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1038634
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-starosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98998Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038634
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-starosVendor Advisory
Impacted products
Vendor Product Version
cisco asr_5000_software 21.0.v0.65839
cisco asr_5000_software 21.3.m0.67005
cisco asr_5000 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*",
              "matchCriteriaId": "1206A9D2-0AA2-4F7A-9AE8-D0BAC299DA9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.3.m0.67005:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD144CF4-7810-4467-B894-D3EA6E84530C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la operaci\u00f3n de comprobaci\u00f3n de archivos de Enrutadores ASR 5000 Series Aggregated Services de Cisco, que ejecutan el sistema operativo StarOS de Cisco, podr\u00eda permitir a un atacante remoto autenticado sobrescribir o modificar los archivos arbitrarios en un sistema afectado. M\u00e1s informaci\u00f3n: CSCvd73726. Versiones Afectadas Conocidas: 21.0.v0.65839 21.3.M0.67005. Versiones Corregidas Conocidas: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083."
    }
  ],
  "id": "CVE-2017-6690",
  "lastModified": "2024-11-21T03:30:18.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T06:29:01.550",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98998"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1038634"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-27 02:59
Modified
2024-11-21 02:34
Severity ?
Summary
The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdmaVendor Advisory
psirt@cisco.comhttp://www.securitytracker.com/id/1033872Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdmaVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033872Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco asr_5000_software 19.0.m0.60737


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60737:*:*:*:*:*:*:*",
              "matchCriteriaId": "367EE318-4040-42C7-831C-747A71B7545C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280."
    },
    {
      "lang": "es",
      "value": "El componente Proxy Mobile IPv6 (PMIPv6) en la implementaci\u00f3n CDMA en dispositivos Cisco ASR 5000 con software 19.0.M0.60737 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de proceso hamgr) a trav\u00e9s de una cabecera en un paquete PMIPv6, tambi\u00e9n conocido como Bug ID CSCuv63280."
    }
  ],
  "id": "CVE-2015-6340",
  "lastModified": "2024-11-21T02:34:49.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-27T02:59:01.683",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033872"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-17 20:29
Modified
2024-11-21 03:30
Severity ?
5.0 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/100386Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1039182Third Party Advisory, VDB Entry
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100386Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039182Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2Vendor Advisory
Impacted products
Vendor Product Version
cisco asr_5000_software 21.0.v0.65839


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*",
              "matchCriteriaId": "1206A9D2-0AA2-4F7A-9AE8-D0BAC299DA9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco ASR 5000 Series Aggregated Services Routers ejecutando el sistema operativo Cisco StarOS podr\u00eda permitir que un atacante remoto autenticado sobrescriba o modifique archivos del sistema sensibles. Esta vulnerabilidad se debe a la inclusi\u00f3n de archivos sensibles del sistema en subdirectorios FTP espec\u00edficos. Un atacante podr\u00eda explotar esta vulnerabilidad sobrescribiendo archivos de configuraci\u00f3n sensibles mediante FTP. Un exploit podr\u00eda permitir que un atacante sobrescribiese archivos de configuraci\u00f3n en un sistema afectado. Cisco Bug IDs: CSCvd47739. Versiones afectadas conocidas: 21.0.v0.65839."
    }
  ],
  "id": "CVE-2017-6774",
  "lastModified": "2024-11-21T03:30:30.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-17T20:29:00.557",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100386"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039182"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2015-6334
Vulnerability from cvelistv5
Published
2015-10-16 01:00
Modified
2024-08-06 07:15
Severity ?
Summary
Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984.
References
http://www.securitytracker.com/id/1033792vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asrvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:15:13.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033792",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033792"
          },
          {
            "name": "20151012 Cisco ASR 5000 and ASR 5500 TACACS Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1033792",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033792"
        },
        {
          "name": "20151012 Cisco ASR 5000 and ASR 5500 TACACS Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033792",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033792"
            },
            {
              "name": "20151012 Cisco ASR 5000 and ASR 5500 TACACS Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6334",
    "datePublished": "2015-10-16T01:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:15:13.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-6690
Vulnerability from cvelistv5
Published
2017-06-13 06:00
Modified
2024-08-05 15:41
Severity ?
Summary
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-starosx_refsource_CONFIRM
http://www.securityfocus.com/bid/98998vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1038634vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a Cisco StarOS Version: Cisco StarOS
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:15.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros"
          },
          {
            "name": "98998",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98998"
          },
          {
            "name": "1038634",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038634"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS"
            }
          ]
        }
      ],
      "datePublic": "2017-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Modification Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros"
        },
        {
          "name": "98998",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98998"
        },
        {
          "name": "1038634",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038634"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6690",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Modification Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros"
            },
            {
              "name": "98998",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98998"
            },
            {
              "name": "1038634",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038634"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6690",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:15.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1436
Vulnerability from cvelistv5
Published
2016-06-23 00:00
Modified
2024-08-05 22:55
Severity ?
Summary
The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asrvendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1036152vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160621 Cisco ASR 5000 Series Packet Data Network Gateway Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asr"
          },
          {
            "name": "1036152",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036152"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160621 Cisco ASR 5000 Series Packet Data Network Gateway Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asr"
        },
        {
          "name": "1036152",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036152"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1436",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160621 Cisco ASR 5000 Series Packet Data Network Gateway Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asr"
            },
            {
              "name": "1036152",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036152"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1436",
    "datePublished": "2016-06-23T00:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6455
Vulnerability from cvelistv5
Published
2016-11-03 21:00
Modified
2024-08-06 01:29
Severity ?
Summary
A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147.
References
http://www.securitytracker.com/id/1037186vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/94071vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asrx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a Cisco StarOS 18.x through 21.x Version: Cisco StarOS 18.x through 21.x
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037186",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037186"
          },
          {
            "name": "94071",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94071"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS 18.x through 21.x",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS 18.x through 21.x"
            }
          ]
        }
      ],
      "datePublic": "2016-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1037186",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037186"
        },
        {
          "name": "94071",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94071"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS 18.x through 21.x",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS 18.x through 21.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037186",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037186"
            },
            {
              "name": "94071",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94071"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6455",
    "datePublished": "2016-11-03T21:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-6729
Vulnerability from cvelistv5
Published
2017-07-10 20:00
Modified
2024-08-05 15:41
Severity ?
Summary
A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0.
References
http://www.securityfocus.com/bid/100015vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1038819vdb-entry, x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-starosx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a Cisco StarOS Version: Cisco StarOS
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100015",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100015"
          },
          {
            "name": "1038819",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038819"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-staros"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS"
            }
          ]
        }
      ],
      "datePublic": "2017-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100015",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100015"
        },
        {
          "name": "1038819",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038819"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-staros"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6729",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100015",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100015"
            },
            {
              "name": "1038819",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038819"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-staros",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-staros"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6729",
    "datePublished": "2017-07-10T20:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1452
Vulnerability from cvelistv5
Published
2016-07-15 16:00
Modified
2024-08-05 22:55
Severity ?
Summary
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.
References
http://www.securitytracker.com/id/1036298vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asrvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/91756vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036298",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036298"
          },
          {
            "name": "20160713 Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr"
          },
          {
            "name": "91756",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91756"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036298",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036298"
        },
        {
          "name": "20160713 Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr"
        },
        {
          "name": "91756",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91756"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1452",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036298",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036298"
            },
            {
              "name": "20160713 Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr"
            },
            {
              "name": "91756",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91756"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1452",
    "datePublished": "2016-07-15T16:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6340
Vulnerability from cvelistv5
Published
2015-10-27 01:00
Modified
2024-08-06 07:15
Severity ?
Summary
The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdmavendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1033872vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:15:13.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20151019 Cisco ASR 5000 CDMA PMIpv6 Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma"
          },
          {
            "name": "1033872",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033872"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20151019 Cisco ASR 5000 CDMA PMIpv6 Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma"
        },
        {
          "name": "1033872",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033872"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20151019 Cisco ASR 5000 CDMA PMIpv6 Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma"
            },
            {
              "name": "1033872",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033872"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6340",
    "datePublished": "2015-10-27T01:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:15:13.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6351
Vulnerability from cvelistv5
Published
2015-10-30 10:00
Modified
2024-08-06 07:22
Severity ?
Summary
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.
References
http://www.securitytracker.com/id/1034024vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asrvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:20.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034024",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034024"
          },
          {
            "name": "20151028 Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1034024",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034024"
        },
        {
          "name": "20151028 Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034024",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034024"
            },
            {
              "name": "20151028 Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6351",
    "datePublished": "2015-10-30T10:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:22:20.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-6774
Vulnerability from cvelistv5
Published
2017-08-17 20:00
Modified
2024-09-17 03:49
Severity ?
Summary
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/100386vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1039182vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Cisco Systems, Inc. StarOS for ASR 5000 Series Aggregated Services Routers Version: 21.0.v0.65839
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20170816 Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2"
          },
          {
            "name": "100386",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100386"
          },
          {
            "name": "1039182",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039182"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "StarOS for ASR 5000 Series Aggregated Services Routers",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "21.0.v0.65839"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "File Modification",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-18T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20170816 Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2"
        },
        {
          "name": "100386",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100386"
        },
        {
          "name": "1039182",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039182"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2017-08-16T00:00:00",
          "ID": "CVE-2017-6774",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "StarOS for ASR 5000 Series Aggregated Services Routers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "21.0.v0.65839"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "File Modification"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170816 Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2"
            },
            {
              "name": "100386",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100386"
            },
            {
              "name": "1039182",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039182"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6774",
    "datePublished": "2017-08-17T20:00:00Z",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-09-17T03:49:16.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-6775
Vulnerability from cvelistv5
Published
2017-08-17 20:00
Modified
2024-09-16 20:32
Severity ?
Summary
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839.
References
http://www.securityfocus.com/bid/100381vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1039183vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Cisco Systems, Inc. StarOS for ASR 5000 Series Aggregated Services Routers Version: 21.0.v0.65839
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100381",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100381"
          },
          {
            "name": "20170816 Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3"
          },
          {
            "name": "1039183",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039183"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "StarOS for ASR 5000 Series Aggregated Services Routers",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "21.0.v0.65839"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-18T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100381",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100381"
        },
        {
          "name": "20170816 Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3"
        },
        {
          "name": "1039183",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039183"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2017-08-16T00:00:00",
          "ID": "CVE-2017-6775",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "StarOS for ASR 5000 Series Aggregated Services Routers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "21.0.v0.65839"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100381",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100381"
            },
            {
              "name": "20170816 Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3"
            },
            {
              "name": "1039183",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039183"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6775",
    "datePublished": "2017-08-17T20:00:00Z",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-09-16T20:32:22.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-6773
Vulnerability from cvelistv5
Published
2017-08-17 20:00
Modified
2024-09-17 02:21
Severity ?
Summary
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839.
References
http://www.securityfocus.com/bid/100376vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1039181vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Cisco Systems, Inc. StarOS for ASR 5000 Series Aggregated Services Routers Version: 21.0.v0.65839
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.105Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100376",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100376"
          },
          {
            "name": "20170816 Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1"
          },
          {
            "name": "1039181",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039181"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "StarOS for ASR 5000 Series Aggregated Services Routers",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "21.0.v0.65839"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-18T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100376",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100376"
        },
        {
          "name": "20170816 Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1"
        },
        {
          "name": "1039181",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039181"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2017-08-16T00:00:00",
          "ID": "CVE-2017-6773",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "StarOS for ASR 5000 Series Aggregated Services Routers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "21.0.v0.65839"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100376",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100376"
            },
            {
              "name": "20170816 Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1"
            },
            {
              "name": "1039181",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039181"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6773",
    "datePublished": "2017-08-17T20:00:00Z",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-09-17T02:21:21.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}