Vulnerability-Lookup - Search a vulnerability

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0711",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "19.2.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.1.0.59776"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "19.0.m0.60737"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.1.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "19.0.m0.60828"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.0.l0.59219"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v18.0_base"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v20.0_base"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.0.0.59211"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v19.0_base"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.3.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.4.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.0.m0.61045"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.0.0.57828"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.0.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.1.0.59780"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.0.1"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.0.0.59167"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.3_base"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.3.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.0.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.1.0.61559"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.1.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.1_base"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "20.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "18.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "17.0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "57000"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "55000"
      },
      {
        "model": "virtualized packet core software n4.7",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "(20.2)"
      },
      {
        "model": "virtualized packet core software n4.6",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "(20.1)"
      },
      {
        "model": "virtualized packet core software n4.5",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "(20.0)"
      },
      {
        "model": "virtualized packet core software n4.2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "(19.3)"
      },
      {
        "model": "virtualized packet core software n4.0",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "(19.2)"
      },
      {
        "model": "asr 5000 series software",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20.2.3"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "18.7.4"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.5"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "db": "BID",
        "id": "96913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.0.m0.60737:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:20.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.0.m0.61045:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.0.57828:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.0.m0.60828:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.3_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.1.0.59776:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.1.0.61559:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v19.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v18.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.0.59211:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.1.0.59780:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v20.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.l0.59219:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.0.59167:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3819"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "96913"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3819",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-3819",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-03298",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-112022",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-3819",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3819",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-03298",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-638",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-112022",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853. Vendors have confirmed this vulnerability Bug ID CSCva65853 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. CiscoStarOS is a set of operating systems operated by Cisco Systems Inc. in a series of routers such as 5000. A privilege elevation vulnerability exists in CiscoStarOS. Cisco StarOS is prone to a privilege-escalation vulnerability. Cisco ASR 5500 Series and so on are the 5500 and other series router equipment of Cisco (Cisco). There is a privilege escalation vulnerability in the SSH subsystem of the StarOS operating system in many Cisco products. \n\nCisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. \n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr\"]\n\n-----BEGIN PGP SIGNATURE-----\n\niQKBBAEBAgBrBQJYyWVsZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg\nSW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx\nNykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlB4A//abxGCJXva4/bR/wn\n5QMis+qjShEQId3TAqA3+YFFP4u1JGAFRDm77ieE0vJVSYDWJ3hGSNttYq1Pt+e0\nyMCbX1pXSN29nNvoTL2yORnYGBhYKEK2MmJXpjz0exPh4r+Is5s+JAB2bIJdVMip\ne4pPLOkZm8B008/7OgkCdBqY5TEo3X41m5HTq7RYSglf5pTfkM6O04U8pEIh8KOv\noi9gI3JVTj/Yh7EtJkLU6CNygg6INfY9B9EUV5Ctfus7AZfvPLzdG4Jl+57mrPWl\ntKCgCLsSUYvW/28TlRP72pwVoKWzLg2zhW1j98GAwUIfQXw6bt9jgAma2p8ZTiCa\n5LMWmOsrvaw8G6jfxr3ligTxoSGRikXfItZIMkWe0YuiS9aXQBwdcu7WwSyneM0J\nvtYqSsF/ktsMRrE3YhtrUw6GmQ/5zw9FsizcWWG2O4kAd0U02E+Mw+aPi7HvN92G\n+fPO0OaWakr4fAfxWF2rPcEnGg8idPT6BbSLvf+B330GPOiYGZP0M4kJwxZe7t25\nobpM3LJptZjN129fOGj/GlC4e+xYc+UOug/8lgyRR4Q9znSjd8o0lSyFQfcIwOmt\n8NETMaT9p8CLyUyvyQ1/S4XyP3RriqTjn8OE6lq71ZRGpRIQ6N8xIVxaD0OBDcks\ng41Iqe0GD5yQFsXypTAn7dc9bNg=\n=Lk6U\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "db": "BID",
        "id": "96913"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112022"
      },
      {
        "db": "PACKETSTORM",
        "id": "141659"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-112022",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112022"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3819",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "96913",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1038050",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "141659",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-112022",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112022"
      },
      {
        "db": "BID",
        "id": "96913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "db": "PACKETSTORM",
        "id": "141659"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ]
  },
  "id": "VAR-201703-0711",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112022"
      }
    ],
    "trust": 1.24681986
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:44:41.397000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170315-asr",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-asr"
      },
      {
        "title": "Patch for CiscoStarOS Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/90837"
      },
      {
        "title": "Multiple Cisco product StarOS Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68499"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3819"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/96913"
      },
      {
        "trust": 2.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-asr"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038050"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3819"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3819"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-asr\"]"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112022"
      },
      {
        "db": "BID",
        "id": "96913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "db": "PACKETSTORM",
        "id": "141659"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112022"
      },
      {
        "db": "BID",
        "id": "96913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "db": "PACKETSTORM",
        "id": "141659"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "date": "2017-03-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112022"
      },
      {
        "date": "2017-03-15T00:00:00",
        "db": "BID",
        "id": "96913"
      },
      {
        "date": "2017-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "date": "2017-03-16T00:03:51",
        "db": "PACKETSTORM",
        "id": "141659"
      },
      {
        "date": "2017-03-15T20:59:00.147000",
        "db": "NVD",
        "id": "CVE-2017-3819"
      },
      {
        "date": "2017-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03298"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112022"
      },
      {
        "date": "2017-03-16T00:03:00",
        "db": "BID",
        "id": "96913"
      },
      {
        "date": "2017-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-3819"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "141659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 Series devices and  Virtualized Packet Core of  StarOS Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002733"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-638"
      }
    ],
    "trust": 0.6
  }
}

var-202006-1108

Vulnerability from variot

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption. Cisco ASR 5000 is a 5000 series gateway product of American Cisco (Cisco)

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1108",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.18.0"
      },
      {
        "model": "staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr series aggregation services routers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.18.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      }
    ]
  },
  "cve": "CVE-2020-3244",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006873",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-47603",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-3244",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006873",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-3244",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2020-3244",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006873",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-47603",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1143",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-3244",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-3244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption. Cisco ASR 5000 is a 5000 series gateway product of American Cisco (Cisco)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-3244"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-3244",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2117",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-3244",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-3244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ]
  },
  "id": "VAR-202006-1108",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      }
    ],
    "trust": 1.24285713
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:42:53.899000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-asr5k-ecs-bypass-2LqfPCL",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-ecs-bypass-2lqfpcl"
      },
      {
        "title": "Patch for Cisco ASR 5000 input validation error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/231508"
      },
      {
        "title": "Cisco ASR 5000 Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121836"
      },
      {
        "title": "Cisco: Cisco ASR 5000 Series Aggregation Services Routers Enhanced Charging Service Rule Bypass Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-asr5k-ecs-bypass-2lqfpcl"
      },
      {
        "title": "CVE-2020-3244",
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-3244 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-3244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-ecs-bypass-2lqfpcl"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3244"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3244"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2117/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/cisco-asr-5000-privilege-escalation-via-enhanced-charging-service-32552"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-3244"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-3244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-3244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-3244"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "date": "2020-06-18T03:15:11.370000",
        "db": "NVD",
        "id": "CVE-2020-3244"
      },
      {
        "date": "2020-06-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "date": "2021-09-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-3244"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006873"
      },
      {
        "date": "2021-09-17T19:00:23.393000",
        "db": "NVD",
        "id": "CVE-2020-3244"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 input validation error vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-47603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1143"
      }
    ],
    "trust": 0.6
  }
}

var-201607-0243

Vulnerability from variot

Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data. ASN.1 Is a standard data structure notation for network and communication applications. Heap-based buffer overflow (CWE-122) - CVE-2016-5080 ASN1C Is ASN.1 Used to generate high-level language source code from the syntax. According to the reporter, ASN1C Generated by C Or C++ The source code of the heap manager rtxMemHeapAlloc A heap-based buffer overflow vulnerability exists in the function. 2016 Year 7 Moon 20 As of today, similar vulnerabilities Java And C# It is unknown whether it exists in the source code output by. rtxMemHeapAlloc It depends on whether you are using a function. Specifically, it was received from an unreliable communication partner ASN.1 Processing your data may be affected by this vulnerability. For development of in-house products ASN1C Developers using are required to verify the source code to see if their products contain this vulnerability. The reporter has published further information as a security advisory. In the most serious case, received from an unreliable partner ASN.1 By processing the data, the authority of the application by a remote third party (root Or SYSTEM Authority etc. ) May execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. FundaciA3n Dr. ASN1C compiler for C/C++

ASN1C compiler for C/C++ Advisory ID: STIC-2016-0603 Advisory URL: http://www.fundacionsadosky.org.ar/publicaciones-2 Date published: 2016-07-18 Date of last update: 2016-07-19 Vendors contacted: Objective Systems Inc. Release mode: Coordinated release
Vulnerability Description

Abstract Syntax Notation One (ASN.1) is a technical standard and formal notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking[1]. It is a joint standard of the International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), and International Telecommunication Union Telecommunication Standardization Sector ITU-T[2] used in technical standards for wireless communications such as GSM, UMTS and LTE, Lawful Interception, Intelligent Transportation Systems, signalling in fixed and mobile telecommunications networks (SS7), wireless broadband access (WiMAX), data security (X.509), network management (SNMP), voice over IP and IP-based videoconferencing (H.323), manufacturing, aviation, aerospace and several other areas[3].

Software components that generate, transmit and parse ASN.1 encoded data constitute a critical building block of software that runs on billions of mobile devices, telecommunication switching equipment and systems for operation and management of critical infrastructures. The ASN.1 specification is sufficiently complicated to make writing programs that parse ASN.1 encoded data a perilious and error-prone activity. Many technology vendors have adopted the practice of using computer-generated programs to parse ASN.1 encoded data. This is accomplished by using an ASN.1 compiler, a software tool that given as input a data specification written in ASN.1 generates as output the source code of a program that can be used to encode and decode in compliance with the specification. The output of an ASN.1 compiler is generally incorporated as a building block in a software system that transmits or processes ASN.1 encoded data. is a US-based private company[5] that develops and commercializes ASN1C, a ASN1 compiler for various programming languages, to vendors in the telecommunications, data networking, aviation, aerospace, defense and law enforcement sectors[6]. The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources, these may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network. has addressed the issue and built a fixed interim version of the ASN1C for C/C++ compiler that is a available to customers upon request. The fixes will be incorporated in the next (v7.0.2) release of ASN1C for C/C++.

For further information about vulnerable vendors and available fixes refer to the CERT/CC vulnerability note [4].

ASN1C compiler for C/C++ version 7.0 or below. Refer to the CERT/CC vulnerability note[4] for a list of potentially affected vendors.
Vendor Information, Solutions and Workarounds

Vendor fixed the issue in an interim release of the ASN1C v7.0.1 compiler available to customers upon request[5]. The upcoming ASN1C v7.0.2 release will incorporate the fixes.

Credits

This vulnerability was discovered and researched by Lucas Molas. The publication of this advisory was coordinated by Programa Seguridad en TIC.

Technical Description

This document details a bug found in the latest release of Objective Systems Inc,. ASN1C compiler for C/C++ (v7.0.0), particularly in the 'rtxMemHeapAlloc' function contained in the pre-compiled 'asn1rt_a.lib' library, where two integer overflows have been detected, which could lead to corruption of heap memory in an attacker-controlled scenario.

The component analyzed was the "evaluation package of ASN1C" (v7.0.0) for Windows (x86) MSVC 32-bit, but the analysis also applies to other platforms. The analysis was performed with the IDA (v6.9) disassembler, from which the assembly blocks shown below have been extracted (the assembly syntax and location addresses may vary).

The pre-compiled library analyzed, 'asn1rt_a.lib', was extracted from '\c\lib\' (which corresponds to the Visual C++ 2013 version).

In 'rtxMemHeapAlloc', after initial checks to the context's internal memory heap ('pMemHeap') which may entail calls to 'rtxMemHeapCreate' and 'rtxMemHeapCheck', the 'nbytes' argument ('arg_4' in the disassembly) is manipulated. Its value is rounded to the next multiple of 8 bytes using 'ecx' and storing the result in 'var_9C'. To accomplish this, a value of '7' is added to 'ecx' before making the shift without checking the resulting value, which could lead to an integer overflow of the 32-bit register if the value of 'nbytes' is '0xFFFFFFF9' or higher. The following assembly blocks illustrate this.

/----- loc_A6: mov ecx, [ebp+arg_4] add ecx, 7 shr ecx, 3 mov [ebp+var_9C], ecx mov edx, [ebp+var_18] mov eax, [edx+18h] and eax, 20000000h jnz short loc_D2

-----/

The 'rtxMemHeapAlloc' function does not perform any validation of the 'nbytes' argument and therefore it is up to the caller to make sure its value does not overflow when the allocator rounds it up to a multiple of 8 bytes and adds 20 bytes to the memory to be allocated to accomodate a heap control structure. However, the caller of 'rtxMemHeapAlloc' will be a function automatically generated by the ASN1C compiler and typically will not have any size contrains on the arguments passed to 'rtxMemHeapAlloc', and indireddctly to 'malloc', unless added manually. The resulting value of 'var_9C' is checked against the constant '0FFFCh' to decide whether to allocate the memory requested using the internal heap implementation or the system's memory allocator, which is usually available through the 'malloc' function.

A similar pattern is found later when 'malloc' is called.

If 'malloc' is used, the value in 'var_9C' is discarded in favor of the original value of the 'nbytes' argument. This value is added to '14h' in 'ecx' before saving it to 'var_E8' without any validation which could lead to an integer overflow if the value of argument 'nbytes' is '0xFFFFFFEC' or greater. The resulting value in 'var_E8' is then used as the argument for the call to 'malloc'. As a consequence, large values passsed in the 'nbytes' argument to 'rtxMemHeapAlloc' will result in a size calculation that wraps around and ends up calling 'malloc' with a size argument that is less that what is needed to store the data that will be copied to it later on. The following assembly block illustrates this.

/----- loc_D2: mov ecx, [ebp+arg_4] add ecx, 14h mov [ebp+var_E8], ecx mov edx, [ebp+var_E8] push edx mov eax, [ebp+var_18] mov ecx, [eax+1Ch] call ecx add esp, 4 mov [ebp+var_24], eax cmp [ebp+var_24], 0 jnz short loc_120

-----/

Due to the fact that the bugs are located in the core runtime support library, it is hard to assess its exploitability in all scenarios but it is safe to assume that it would lead attacker controlled memory corruption of either the system's heap (if 'malloc' is called) or in the internal memory allocator (if the number of bytes requested is below the aforementioned threshold). Since heap control structures can be overwritten with attacker controlled data, it is safe to assume that remote code execution can be achieved in many scenarios in which ASN.1 parsing code generated by the ASN1C compiler for C/C++ is used without manual modification. Manual modification of automatically generated code is generally not recommended so mechanisms that would prevent triggering of these bugs are not likely to be found in deployed systems.

As an illustrative example, the 3GPP APIs can be mentioned, particularly the '[NAS/RRC add-on for ASN1C SDK]'[7]. The C code generated by the ASN1C for the RRC decoder ('EUTRA-RRC-DefinitionsDec.c'), uses 'rtxMemHeapAlloc' for the allocation of the extension optional bits of the extension elements) where the length, not known in advance, is obtained from the encoded element received from an untrusted source, calling 'pd_SmallLength' which allows unconstrained whole numbers, resulting in a call to 'rtxMemHeapAlloc' with an externally controlled 'nbytes' argument.

/----- / decode extension elements / if (extbit) { OSOCTET* poptbits;

  /* decode extension optional bits length */

  stat = pd_SmallLength (pctxt, &bitcnt);
  if (stat != 0) return stat;

  poptbits = (OSOCTET*) rtxMemAlloc (pctxt, bitcnt);
  if (0 == poptbits) return RTERR_NOMEM;

  for (i_ = 0; i_ < bitcnt; i_++) {
     stat = DEC_BIT (pctxt, &poptbits[i_]);
     if (stat != 0)  {
        rtxMemFreePtr (pctxt, poptbits);
        return stat;
     }
  }

-----/

Report Timeline

. 2016-06-03:

    Sent email to Objective Systems Inc. 2016-06-06:

    Vendor responded with contact information to send the bug report

in plaintext. 2016-06-06:

    Bug report sent in plaintext to the email address provided by

the vendor. The report included technical details to identify and reproduce the bug. Publication date set to July 6, 2016. 2016-06-08:

    CERT/CC contacted, bug report filed in a web form, encrypted

using the CERT/CC PGP public key. 2016-06-08:

    CERT/CC replied by email acknowledging report, assigned VR-198

as internal tracking number. 2016-06-08:

    Email sent to CERT/CC saying that the bug is present in code

generated by the ASN1C compiler for C, it is also likely that C++ code is also buggy and not likely in Java code but neither C++ not Java code were tested. 2016-06-10:

    Email sent to the vendor requesting acknowledgement of the

report sent on June 6 and noting that CERT/CC was contacted. 2016-06-10:

    Vendor acknowledged reception of the bug report and stated that

it will look into the issue as time permits. indicated that the issues were fixed in an interim v7.0.1.x version of ASN1C that will be available to customers upon request and that the next v7.0.2 release will incorporate the fixes. Offered a version of ASN1C updated with the fixes for testing. 2016-06-14:

    Programa STIC replied to the vendor accepting the offer for the

pre-release version of ASN1C with the fixes and stated it is on track for publication on July 6. 2016-06-15:

    Programa STIC notified CERT/CC that the vendor has fixed the

issues and will make available an updated version of ASN1C to customers upon request. Asked CERT/CC about plans for dissemination of the report and whether it had contact information for ITU IMPACT. Publication is still planned for July 6. 2016-06-16:

     CERT/CC replied saying they have no contact information for ITU

IMPACT but will try to reach as many potentially affected vendors as possible. The vulnerabilities were assigned the CVE-2016-5080 identifier. CERT/CC will likely publish a Vulnerability Note on its website once the report becomes public. 2016-06-16:

     Programa STIC said that vendors will need to assess whether

they're vulnerable and determine if they want to ask Objective Systems for the fixed interim v7.0.1.x version or wait for the v7.0.2 release. Programa STIC recommends the former since the v7.0.2 release may include non-security fixed and feature and does not have a estimated release date at the moment. 2016-06-27:

    Programa STIC sent mail to CERT/CC requesting a status update

and saying its on track to publish on July 6. 2016-07-01:

    CERT/CC replied saying one of the contacted vendors requested to

delay the publication for 2 months while they investigate their products. Asked if Programa STIC would accept the request or proceed with the current publication date. 2016-07-01:

    Programa STIC replied that a two month delay seemed excessive

and that at least 2 additional factors should be weighed: 1. memory corruption bugs in ASN.1 related components of an LTE stack have been announced or hinted at in several infosec conference presentations over the past few weeks and its likely the same or similar bugs will become public soon. 2. Objective Systems has already produced a fix that is available upon request to all its customers. It does not seem reasonable to impose a 2 month publication delay on every other vendor. Asked CERT/CC: 1. Did other vendors request to postpone publication or indicated they were or were not vulnerable? 2. Did CERT/CC disseminate the information to any other parties?

. 2016-07-01:

    CERT/CC indicated they've contacted as many vendors as possible,

US-CERT and international CERT partners and that only one vendor has requested to delay publication so far. Agreed that proceeding with the original publication schedule is reasonable given the partial disclosure due to dissemination that already occurred plus the fact that a fix is available

. 2016-07-01:

   Programa STIC sent mail to CERT/CC saying that for the moment it

will proceed with the original deadline but make a final decision on July 5. 2016-07-06:

   Programa STIC sent email to CERT/CC indicating it decided to

postpone publication for a week to give vendors some additional time to assess whether they are vulnerable and plan for issuing fixes. The new publication date was set to July 13. 2016-07-06:

   CERT/CC replied that it will notify vendors of the new

publication date. 2016-07-14:

   Programa STIC told CERT/CC that publication was postponed to

Monday, July 18. 2016-07-13:

   Programa STIC sent mail to Objective Systems Inc. asked if a CVE ID has been assigned to the

issue. 2016-07-13:

   Programa STIC sent mail to Objective Systems Inc. saying

CVE-2016-5080 was assigned by CERT and promising to send draft of the security advisory when ready for publication. 2016-07-14:

   Programa STIC sent email to Objective Systems informing them that

the security advisory will bul published on July 18 with guidance for potentially affected vendors to contact them to request a fixed version of the ASN1C compiler for C/C++.

References

[1] Abstract Syntaxt Notation One (ASN1) http://www.itu.int/en/ITU-T/asn1/Pages/introduction.aspx [2] ASN.1 Project (ITU) http://www.itu.int/en/ITU-T/asn1/Pages/asn1_project.aspx [3] ASN.1 Applications and Standards http://www.oss.com/asn1/resources/standards-use-asn1.html [4] CERT/CC Vulnerability Notes http://www.kb.cert.org/vuls [5] Objective Systems Inc. https://www.obj-sys.com [6] Vendors possibly using ASN.1 compiler for C/C++. https://www.obj-sys.com/customers/ [7] Non-Access Stratum (NAS) LTE, GERAN-RRC, and other non-ASN.1 APIs 3GPP TS 24.007 24.008 24.011 24.301 44.018. https://www.obj-sys.com/products/asn1apis/lte_3gpp_apis.php

About FundaciA3n Dr. Manuel Sadosky

The Dr. Manuel Sadosky Foundation is a mixed (public / private) institution whose goal is to promote stronger and closer interaction between industry and the scientific-technological system in all aspects related to Information and Communications Technology (ICT). The Foundation was formally created by a Presidential Decree in 2009. Its Chairman is the Minister of Science, Technology, and Productive Innovation of Argentina; and the Vice-chairmen are the chairmen of the countryas most important ICT chambers: The Software and Computer Services Chamber (CESSI) and the Argentine Computing and Telecommunications Chamber (CICOMRA). For more information visit: http://www.fundacionsadosky.org.ar

Copyright Notice

The contents of this advisory are copyright (c) 2014-2016 FundaciA3n Sadosky and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 4.0 License: http://creativecommons.org/licenses/by-nc-sa/4.0/ -- Programa de Seguridad en TIC FundaciA3n Dr. Manuel Sadosky Av. CA3rdoba 744 Piso 5 Oficina I TE/FAX: 4328-5164

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0243",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asn1c",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "objective",
        "version": "7.0.1"
      },
      {
        "model": "asn1c",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "objective",
        "version": "7.0.1.x  created  c or  c++ source code"
      },
      {
        "model": "asn1c",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "objective",
        "version": "7.0.1"
      },
      {
        "model": "communications performance intelligence center software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2"
      },
      {
        "model": "communications performance intelligence center software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5.1"
      },
      {
        "model": "systems asn1c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "objective",
        "version": "7.0.1.0"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5x"
      },
      {
        "model": "virtualized packet core systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20.0"
      },
      {
        "model": "virtualized packet core systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "virtualized packet core systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "18.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "18.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "17.0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "systems asn1c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "objective",
        "version": "7.0.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:objective_systems:asn1c:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan Arce of Programa STIC at Fundaci\u00f3n Dr. Manuel Sadosky",
    "sources": [
      {
        "db": "BID",
        "id": "91836"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-5080",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-5080",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-5080",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-5080",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-546",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-5080",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5080"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data. ASN.1 Is a standard data structure notation for network and communication applications. Heap-based buffer overflow (CWE-122) - CVE-2016-5080 ASN1C Is ASN.1 Used to generate high-level language source code from the syntax. According to the reporter, ASN1C Generated by C Or C++ The source code of the heap manager rtxMemHeapAlloc A heap-based buffer overflow vulnerability exists in the function. 2016 Year 7 Moon 20 As of today, similar vulnerabilities Java And C# It is unknown whether it exists in the source code output by. rtxMemHeapAlloc It depends on whether you are using a function. Specifically, it was received from an unreliable communication partner ASN.1 Processing your data may be affected by this vulnerability. For development of in-house products ASN1C Developers using are required to verify the source code to see if their products contain this vulnerability. The reporter has published further information as a security advisory. In the most serious case, received from an unreliable partner ASN.1 By processing the data, the authority of the application by a remote third party (root Or SYSTEM Authority etc. ) May execute arbitrary code. Failed exploit  attempts will likely result in denial-of-service conditions. \t\tFundaciA3n Dr. ASN1C compiler for C/C++\n\n\n1. ASN1C compiler for C/C++\nAdvisory ID: STIC-2016-0603\nAdvisory URL: http://www.fundacionsadosky.org.ar/publicaciones-2\nDate published: 2016-07-18\nDate of last update: 2016-07-19\nVendors contacted: Objective Systems Inc. \nRelease mode: Coordinated release\n\n\n2. *Vulnerability Description*\n\nAbstract Syntax Notation One (ASN.1) is a technical standard and formal\nnotation that describes rules and structures for representing, encoding,\ntransmitting, and decoding data in telecommunications and computer\nnetworking[1]. It is a joint standard of the International Organization\nfor Standardization (ISO), International Electrotechnical Commission\n(IEC), and International Telecommunication Union Telecommunication\nStandardization Sector ITU-T[2] used in technical standards for wireless\ncommunications such as GSM, UMTS and LTE, Lawful Interception,\nIntelligent Transportation Systems, signalling in fixed and mobile\ntelecommunications networks (SS7), wireless broadband access (WiMAX),\ndata security (X.509), network management (SNMP), voice over IP and\nIP-based videoconferencing (H.323), manufacturing, aviation, aerospace\nand several other areas[3]. \n\nSoftware components that generate, transmit and parse ASN.1 encoded data\nconstitute a critical building block of software that runs on billions\nof mobile devices, telecommunication switching equipment and systems for\noperation and management of critical infrastructures. The ASN.1\nspecification is sufficiently complicated to make writing programs that\nparse ASN.1 encoded data a perilious and error-prone activity. Many\ntechnology vendors have adopted the practice of using computer-generated\nprograms to parse ASN.1 encoded data. This is accomplished by using an\nASN.1 compiler, a software tool that given as input a data specification\nwritten in ASN.1 generates as output the source code of a program that\ncan be used to encode and decode in  compliance with the specification. \nThe output of an ASN.1 compiler is generally incorporated as a building\nblock in a software system that transmits or processes ASN.1 encoded data. is a US-based private company[5] that develops\nand commercializes ASN1C, a ASN1 compiler for various programming\nlanguages, to vendors in the telecommunications, data networking,\naviation, aerospace, defense and law enforcement sectors[6]. \nThe vulnerability could be triggered remotely without any authentication\nin scenarios where the vulnerable code receives and processes ASN.1\nencoded data from untrusted sources, these may include communications\nbetween mobile devices and telecommunication network infrastructure\nnodes, communications between nodes in a carrier\u0027s network or across\ncarrier boundaries, or communication between mutually untrusted\nendpoints in a data network. has addressed the issue and built a fixed interim\nversion of the ASN1C for C/C++ compiler that is a available to customers\nupon request. The fixes will be incorporated in the next (v7.0.2)\nrelease of ASN1C for C/C++. \n\nFor further information about vulnerable vendors and available fixes\nrefer to the CERT/CC vulnerability note [4]. \n\n\n4. ASN1C compiler for C/C++ version 7.0 or below. Refer to the\nCERT/CC vulnerability note[4] for a list of potentially affected vendors. \n\n\n5. *Vendor Information, Solutions and Workarounds*\n\nVendor fixed the issue in an interim release of the ASN1C v7.0.1\ncompiler available to customers upon request[5]. The upcoming ASN1C\nv7.0.2 release will incorporate the fixes. \n\n\n6. *Credits*\n\nThis vulnerability was discovered and researched by Lucas Molas. The\npublication of this advisory was coordinated by Programa Seguridad en TIC. \n\n7. *Technical Description*\n\nThis document details a bug found in the latest release of Objective\nSystems Inc,. ASN1C  compiler for C/C++ (v7.0.0), particularly in the\n\u0027rtxMemHeapAlloc\u0027 function contained in the pre-compiled \u0027asn1rt_a.lib\u0027\nlibrary, where two integer overflows have been detected, which could\nlead to corruption of heap memory in an attacker-controlled scenario. \n\nThe component analyzed was the \"evaluation package of ASN1C\" (v7.0.0)\nfor Windows (x86) MSVC 32-bit, but the analysis also applies to other\nplatforms. The analysis was performed with the IDA (v6.9) disassembler,\nfrom which the assembly blocks shown below have been extracted (the\nassembly syntax and location addresses may vary). \n\nThe pre-compiled library analyzed, \u0027asn1rt_a.lib\u0027, was extracted from\n\u0027\u003cinstalldir\u003e\\c\\lib\\\u0027 (which corresponds to the Visual C++ 2013 version). \n\n In \u0027rtxMemHeapAlloc\u0027, after initial checks to the context\u0027s internal\nmemory heap (\u0027pMemHeap\u0027) which may entail calls to \u0027rtxMemHeapCreate\u0027\nand \u0027rtxMemHeapCheck\u0027, the \u0027nbytes\u0027 argument (\u0027arg_4\u0027 in the\ndisassembly) is manipulated. Its value is rounded to the next multiple\nof 8 bytes using \u0027ecx\u0027 and storing the result in \u0027var_9C\u0027. To accomplish\nthis, a value of \u00277\u0027 is added to \u0027ecx\u0027 before making the shift without\nchecking the resulting value, which could lead to an integer overflow of\nthe 32-bit register if the value of \u0027nbytes\u0027 is \u00270xFFFFFFF9\u0027 or higher. \nThe following assembly blocks illustrate this. \n\n\n/-----\n  loc_A6:\n  mov     ecx, [ebp+arg_4]\n  add     ecx, 7\n  shr     ecx, 3\n  mov     [ebp+var_9C], ecx\n  mov     edx, [ebp+var_18]\n  mov     eax, [edx+18h]\n  and     eax, 20000000h\n  jnz     short loc_D2\n\n\n-----/\n\nThe \u0027rtxMemHeapAlloc\u0027  function does not perform any validation of the\n\u0027nbytes\u0027 argument and therefore it is up to the caller to make sure its\nvalue does not overflow when the allocator rounds it up to a multiple of\n8 bytes and adds 20 bytes to the memory to be allocated to accomodate a\nheap control structure. However, the caller of \u0027rtxMemHeapAlloc\u0027 will be\na function automatically generated by the ASN1C compiler and typically\nwill not have any size contrains on the arguments passed to\n\u0027rtxMemHeapAlloc\u0027, and indireddctly to \u0027malloc\u0027, unless added manually. \nThe resulting value of \u0027var_9C\u0027 is checked against the constant \u00270FFFCh\u0027\nto decide whether to allocate the memory requested using the internal\nheap implementation or the system\u0027s memory allocator, which is usually\navailable through the \u0027malloc\u0027 function. \n\nA similar pattern is found later when \u0027malloc\u0027 is called. \n\nIf \u0027malloc\u0027  is used, the value in \u0027var_9C\u0027 is discarded in favor of the\noriginal value of the \u0027nbytes\u0027 argument. This value is added to \u002714h\u0027 in\n\u0027ecx\u0027 before saving it to \u0027var_E8\u0027 without any validation which could\nlead to an integer overflow if the value of argument \u0027nbytes\u0027 is\n\u00270xFFFFFFEC\u0027 or greater. The resulting value in \u0027var_E8\u0027 is then used as\nthe argument for the call to \u0027malloc\u0027. As a consequence, large values\npasssed in the \u0027nbytes\u0027  argument to \u0027rtxMemHeapAlloc\u0027  will result in a\nsize calculation that wraps around and ends up calling \u0027malloc\u0027 with a\nsize argument that is less that what is needed to store the data that\nwill be copied to it later on. The following assembly block illustrates\nthis. \n\n\n/-----\n  loc_D2:\n  mov     ecx, [ebp+arg_4]\n  add     ecx, 14h\n  mov     [ebp+var_E8], ecx\n  mov     edx, [ebp+var_E8]\n  push    edx\n  mov     eax, [ebp+var_18]\n  mov     ecx, [eax+1Ch]\n  call    ecx\n  add     esp, 4\n  mov     [ebp+var_24], eax\n  cmp     [ebp+var_24], 0\n  jnz     short loc_120\n\n\n-----/\n\n\nDue to the fact that the bugs are located in the core runtime support\nlibrary, it is hard to assess its exploitability in all scenarios but it\nis safe to assume that it would lead attacker controlled memory\ncorruption of either the system\u0027s heap (if \u0027malloc\u0027 is called) or in the\ninternal memory allocator (if the number of bytes requested is below the\naforementioned threshold). Since heap control structures can be\noverwritten with attacker controlled data, it is safe to assume that\nremote code execution can be achieved in many scenarios in which ASN.1\nparsing code generated by the ASN1C compiler for C/C++ is used without\nmanual modification. Manual modification of automatically generated code\nis generally not recommended so mechanisms that would prevent triggering\nof these bugs are not likely to be found in deployed systems. \n\nAs an illustrative example, the 3GPP APIs can be mentioned, particularly\nthe \u0027[NAS/RRC add-on for ASN1C SDK]\u0027[7]. The C code generated by the\nASN1C for the RRC decoder (\u0027EUTRA-RRC-DefinitionsDec.c\u0027), uses\n\u0027rtxMemHeapAlloc\u0027 for the allocation of the extension optional bits of\nthe extension elements) where the length, not known in advance, is\nobtained from the encoded element received from an untrusted source,\ncalling \u0027pd_SmallLength\u0027 which allows unconstrained whole numbers,\nresulting in a call to \u0027rtxMemHeapAlloc\u0027  with an externally controlled\n\u0027nbytes\u0027 argument. \n\n\n/-----\n   /* decode extension elements */\n   if (extbit) {\n      OSOCTET* poptbits;\n\n      /* decode extension optional bits length */\n\n      stat = pd_SmallLength (pctxt, \u0026bitcnt);\n      if (stat != 0) return stat;\n\n      poptbits = (OSOCTET*) rtxMemAlloc (pctxt, bitcnt);\n      if (0 == poptbits) return RTERR_NOMEM;\n\n      for (i_ = 0; i_ \u003c bitcnt; i_++) {\n         stat = DEC_BIT (pctxt, \u0026poptbits[i_]);\n         if (stat != 0)  {\n            rtxMemFreePtr (pctxt, poptbits);\n            return stat;\n         }\n      }\n\n\n-----/\n\n\n8. *Report Timeline*\n\n. 2016-06-03:\n\n        Sent email to Objective Systems Inc. 2016-06-06:\n\n        Vendor responded with contact information to send the bug report\nin plaintext. 2016-06-06:\n\n        Bug report sent in plaintext to the email address provided by\nthe vendor. The report included technical details to identify and\nreproduce the bug. Publication date set to July\n6, 2016. 2016-06-08:\n\n        CERT/CC contacted, bug report filed in a web form, encrypted\nusing the CERT/CC PGP public key. 2016-06-08:\n\n        CERT/CC replied by email acknowledging report, assigned VR-198\nas internal tracking number. 2016-06-08:\n\n        Email sent to CERT/CC saying that the bug is present in code\ngenerated by the ASN1C compiler for C, it is also likely that C++ code\nis also buggy and not likely in Java code but neither C++ not Java code\nwere tested. 2016-06-10:\n\n        Email sent to the vendor requesting acknowledgement of the\nreport sent on June 6 and noting that CERT/CC was contacted. 2016-06-10:\n\n        Vendor acknowledged reception of the bug report and stated that\nit will look into the issue as time permits. indicated that the issues were fixed in\nan interim v7.0.1.x version of ASN1C that will be available to customers\nupon request and that the next v7.0.2 release will incorporate the\nfixes. Offered a version of ASN1C updated with the fixes for testing. 2016-06-14:\n\n        Programa STIC replied to the vendor accepting the offer for the\npre-release version of ASN1C with the fixes and stated it is on track\nfor publication on July 6. 2016-06-15:\n\n        Programa STIC notified CERT/CC that the vendor has fixed the\nissues and will make available an updated version of ASN1C to customers\nupon request. Asked CERT/CC about plans for dissemination of the report\nand whether it had contact information for ITU IMPACT. Publication is\nstill planned for July 6. 2016-06-16:\n\n         CERT/CC replied saying they have no contact information for ITU\nIMPACT but will try to reach as many potentially affected vendors as\npossible. The vulnerabilities were assigned the CVE-2016-5080\nidentifier. CERT/CC will likely publish a Vulnerability Note on its\nwebsite once the report becomes public. 2016-06-16:\n\n         Programa STIC said that vendors will need to assess whether\nthey\u0027re vulnerable and determine if they want to ask Objective Systems\nfor the fixed interim v7.0.1.x version or wait for the v7.0.2 release. \nPrograma STIC recommends the former since the v7.0.2 release may include\nnon-security fixed and feature and does not have a estimated release\ndate at the moment. 2016-06-27:\n\n        Programa STIC sent mail to CERT/CC requesting a status update\nand saying its on track to publish on July 6. 2016-07-01:\n\n        CERT/CC replied saying one of the contacted vendors requested to\ndelay the publication for 2 months while they investigate their\nproducts. Asked if Programa STIC would accept the request or proceed\nwith the current publication date. 2016-07-01:\n\n        Programa STIC replied that a two month delay seemed excessive\nand that at least 2 additional factors should be weighed: 1. memory\ncorruption bugs in ASN.1 related components of an LTE stack have been\nannounced or hinted at in several infosec conference presentations over\nthe past few weeks and its likely the same or similar bugs will become\npublic soon. 2. Objective Systems has already produced a fix that is\navailable upon request to all its customers. It does not seem reasonable\nto impose a 2 month publication delay on every other vendor. Asked\nCERT/CC: 1. Did other vendors request to postpone publication or\nindicated they were or were not vulnerable? 2. Did CERT/CC disseminate\nthe information to any other parties?\n\n\n. 2016-07-01:\n\n        CERT/CC indicated they\u0027ve contacted as many vendors as possible,\nUS-CERT and international CERT partners and that only one vendor has\nrequested to delay publication so far. Agreed that proceeding with the\noriginal publication schedule is reasonable given the partial disclosure\ndue to dissemination that already occurred plus the fact that a fix is\navailable\n\n\n. 2016-07-01:\n\n       Programa STIC sent mail to CERT/CC saying that for the moment it\nwill proceed with the original deadline but make a final decision on July 5. 2016-07-06:\n\n       Programa STIC sent email to CERT/CC indicating it decided to\npostpone publication for a week to give vendors some additional time to\nassess whether they are vulnerable and plan for issuing fixes. The new\npublication date was set to July 13. 2016-07-06:\n\n       CERT/CC replied that it will notify vendors of the new\npublication date. 2016-07-14:\n\n       Programa STIC told CERT/CC that publication was postponed to\nMonday, July 18. 2016-07-13:\n\n       Programa STIC sent mail to Objective Systems Inc. asked if a CVE ID has been assigned to the\nissue. 2016-07-13:\n\n       Programa STIC sent mail to Objective Systems Inc. saying\nCVE-2016-5080 was assigned by CERT and promising to send draft of the\nsecurity advisory when ready for publication. 2016-07-14:\n\n       Programa STIC sent email to Objective Systems informing them that\nthe security advisory will bul published on July 18 with guidance for\npotentially affected vendors to contact them to request a fixed version\nof the ASN1C compiler for C/C++. \n\n\n9. *References*\n\n[1] Abstract Syntaxt Notation One (ASN1)\n    http://www.itu.int/en/ITU-T/asn1/Pages/introduction.aspx\n[2] ASN.1 Project (ITU)\n    http://www.itu.int/en/ITU-T/asn1/Pages/asn1_project.aspx\n[3] ASN.1 Applications and Standards\n  http://www.oss.com/asn1/resources/standards-use-asn1.html\n[4] CERT/CC Vulnerability Notes\n  http://www.kb.cert.org/vuls\n[5] Objective Systems Inc. \n    https://www.obj-sys.com\n[6] Vendors possibly using ASN.1 compiler for C/C++. \n    https://www.obj-sys.com/customers/\n[7] Non-Access Stratum (NAS) LTE, GERAN-RRC, and other non-ASN.1 APIs\n    3GPP TS 24.007 24.008 24.011 24.301 44.018. \n    https://www.obj-sys.com/products/asn1apis/lte_3gpp_apis.php\n\n10. *About FundaciA3n Dr. Manuel Sadosky*\n\nThe Dr. Manuel Sadosky Foundation is a mixed (public / private)\ninstitution whose goal is to promote stronger and closer interaction\nbetween industry and the scientific-technological system in all aspects\nrelated to Information and Communications Technology (ICT). The\nFoundation was formally created by a Presidential Decree in 2009. Its\nChairman is the Minister of Science, Technology, and Productive\nInnovation of Argentina; and the Vice-chairmen are the chairmen of the\ncountryas most important ICT chambers: The Software and Computer\nServices Chamber (CESSI) and the Argentine Computing and\nTelecommunications Chamber (CICOMRA). For more information visit:\nhttp://www.fundacionsadosky.org.ar\n\n11. *Copyright Notice*\n\nThe contents of this advisory are copyright (c) 2014-2016 FundaciA3n\nSadosky and are licensed under a Creative Commons Attribution\nNon-Commercial Share-Alike 4.0 License:\nhttp://creativecommons.org/licenses/by-nc-sa/4.0/\n-- \nPrograma de Seguridad en TIC\nFundaciA3n Dr. Manuel Sadosky\nAv. CA3rdoba 744 Piso 5 Oficina I\nTE/FAX: 4328-5164\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5080"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "db": "BID",
        "id": "91836"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5080"
      },
      {
        "db": "PACKETSTORM",
        "id": "137970"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5080",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#790839",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "91836",
        "trust": 1.4
      },
      {
        "db": "PACKETSTORM",
        "id": "137970",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1036386",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU99625371",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5080",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5080"
      },
      {
        "db": "BID",
        "id": "91836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "db": "PACKETSTORM",
        "id": "137970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "id": "VAR-201607-0243",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.51222601
  },
  "last_update_date": "2024-04-19T22:40:09.559000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ASN1C ASN.1 Compiler",
        "trust": 0.8,
        "url": "http://www.obj-sys.com/products/asn1c/"
      },
      {
        "title": "Objective Systems ASN1C for C/C++ Fixes for integer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63003"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=e8654f311f23268a7da69416ca7535a2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
      },
      {
        "title": "SamsungReleaseNotes",
        "trust": 0.1,
        "url": "https://github.com/samreleasenotes/samsungreleasenotes "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5080"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.kb.cert.org/vuls/id/790839"
      },
      {
        "trust": 2.5,
        "url": "https://github.com/programa-stic/security-advisories/tree/master/objsys/cve-2016-5080"
      },
      {
        "trust": 2.5,
        "url": "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/ncsc-2016-0650+1.00+kwetsbaarheid+verholpen+in+asn1c.html"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160721-asn1c"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/91836"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/137970/objective-systems-inc.-asn1c-for-c-c-heap-memory-corruption.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2016/jul/65"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/538952/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036386"
      },
      {
        "trust": 1.1,
        "url": "https://source.android.com/security/bulletin/2017-01-01.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5080"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu99625371"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5080"
      },
      {
        "trust": 0.3,
        "url": "http://www.obj-sys.com/"
      },
      {
        "trust": 0.3,
        "url": "https://source.android.com/security/bulletin/2017-01-01.html "
      },
      {
        "trust": 0.3,
        "url": "https://github.com/programa-stic/security-advisories/tree/master/objsys/cve-2016-5080/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.obj-sys.com/customers/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5080"
      },
      {
        "trust": 0.1,
        "url": "http://www.itu.int/en/itu-t/asn1/pages/asn1_project.aspx"
      },
      {
        "trust": 0.1,
        "url": "https://www.obj-sys.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.oss.com/asn1/resources/standards-use-asn1.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.fundacionsadosky.org.ar"
      },
      {
        "trust": 0.1,
        "url": "http://www.itu.int/en/itu-t/asn1/pages/introduction.aspx"
      },
      {
        "trust": 0.1,
        "url": "https://www.obj-sys.com/products/asn1apis/lte_3gpp_apis.php"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-nc-sa/4.0/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls"
      },
      {
        "trust": 0.1,
        "url": "http://www.fundacionsadosky.org.ar/publicaciones-2"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5080"
      },
      {
        "db": "BID",
        "id": "91836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "db": "PACKETSTORM",
        "id": "137970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5080"
      },
      {
        "db": "BID",
        "id": "91836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "db": "PACKETSTORM",
        "id": "137970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5080"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "BID",
        "id": "91836"
      },
      {
        "date": "2016-07-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "date": "2016-07-19T20:01:11",
        "db": "PACKETSTORM",
        "id": "137970"
      },
      {
        "date": "2016-07-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      },
      {
        "date": "2016-07-19T22:59:01.240000",
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5080"
      },
      {
        "date": "2018-10-17T07:00:00",
        "db": "BID",
        "id": "91836"
      },
      {
        "date": "2016-07-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      },
      {
        "date": "2016-07-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      },
      {
        "date": "2018-10-17T01:29:50.837000",
        "db": "NVD",
        "id": "CVE-2016-5080"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Objective Systems ASN1C Buffer overflow vulnerability in source code generated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003788"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-546"
      }
    ],
    "trust": 0.6
  }
}

var-201706-0569

Vulnerability from variot

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. Vendors report this vulnerability CSCvd73726 Published as.Arbitrary files could be overwritten or modified by a remotely authenticated attacker. CiscoStarOS is a set of operating systems operated by Cisco Systems Inc. in a series of routers such as 5000. CiscoStarOS has a remote security bypass vulnerability that can be exploited by remote authentication attackers to modify arbitrary files. The vulnerability stems from a failure of the program to fully validate the input. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd73726

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0569",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.0.v0.65839"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.3.m0.67005"
      },
      {
        "model": "asr series 21.3.m0.67005",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500021.0.v0.65839"
      },
      {
        "model": "asr 5000 series software",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros none",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series 21.4.a0.67087",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series 21.4.a0.67079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series 21.4.a0.67013",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series 21.3.m0.67084",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series 21.3.m0.67077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series 21.3.m0.66994",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series 21.3.j0.66993",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.1.v0.67083"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.1.v0.67082"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "db": "BID",
        "id": "98998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6690"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.3.m0.67005:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6690"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "98998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6690",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6690",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2017-13744",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-114893",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.2,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6690",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6690",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-13744",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-433",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114893",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6690"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. Vendors report this vulnerability CSCvd73726 Published as.Arbitrary files could be overwritten or modified by a remotely authenticated attacker. CiscoStarOS is a set of operating systems operated by Cisco Systems Inc. in a series of routers such as 5000. CiscoStarOS has a remote security bypass vulnerability that can be exploited by remote authentication attackers to modify arbitrary files. The vulnerability stems from a failure of the program to fully validate the input. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCvd73726",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6690"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "db": "BID",
        "id": "98998"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114893"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6690",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "98998",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1038634",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114893",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114893"
      },
      {
        "db": "BID",
        "id": "98998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6690"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ]
  },
  "id": "VAR-201706-0569",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114893"
      }
    ],
    "trust": 1.4134865099999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:16.690000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170607-staros",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-staros"
      },
      {
        "title": "CiscoStarOS Remote Security Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/97798"
      },
      {
        "title": "Cisco ASR 5000 Series Aggregated Services Routers StarOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70879"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6690"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-staros"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/98998"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038634"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6690"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6690"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id/1038634"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114893"
      },
      {
        "db": "BID",
        "id": "98998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6690"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114893"
      },
      {
        "db": "BID",
        "id": "98998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6690"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114893"
      },
      {
        "date": "2017-06-07T00:00:00",
        "db": "BID",
        "id": "98998"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "date": "2017-06-13T06:29:01.550000",
        "db": "NVD",
        "id": "CVE-2017-6690"
      },
      {
        "date": "2017-06-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-13744"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114893"
      },
      {
        "date": "2017-06-07T00:00:00",
        "db": "BID",
        "id": "98998"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-6690"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 Series  Aggregated Services Router Run on  StarOS Vulnerabilities in arbitrary file overwriting in file check operation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005142"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "98998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-433"
      }
    ],
    "trust": 0.9
  }
}

var-201804-1019

Vulnerability from variot

A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605. Cisco StarOS Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCve29605 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. VirtualizedPacketCore (VPC) SystemSoftware is a commercial version of the StarOS software deployed on a dedicated hardware platform. StarOS is a set of operating systems used in it. IPsecManager is one of the IPsec managers

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1019",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "19.6.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "19.4.2.65120"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.2.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.4.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.2.6"
      },
      {
        "model": "staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vpc system software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr series routers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "virtualized packet core software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series aggregation services routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "db": "BID",
        "id": "103935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:19.4.2.65120:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:19.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0273"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "103935"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0273",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0273",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-09783",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-118475",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0273",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0273",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-09783",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-1086",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118475",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605. Cisco StarOS Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCve29605 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. VirtualizedPacketCore (VPC) SystemSoftware is a commercial version of the StarOS software deployed on a dedicated hardware platform. StarOS is a set of operating systems used in it. IPsecManager is one of the IPsec managers",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "db": "BID",
        "id": "103935"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118475"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0273",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "103935",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1040721",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118475",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118475"
      },
      {
        "db": "BID",
        "id": "103935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ]
  },
  "id": "VAR-201804-1019",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118475"
      }
    ],
    "trust": 1.3841242125
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:38:41.246000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20180418-starosasr",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-starosasr"
      },
      {
        "title": "Patch for Cisco ASR5000 Series Router Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/129535"
      },
      {
        "title": "Cisco Aggregation Services Router 5000 Series Routers  and Virtualized Packet Core System Software StarOS IPsec Manager Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81382"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0273"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/103935"
      },
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-starosasr"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1040721"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0273"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0273"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118475"
      },
      {
        "db": "BID",
        "id": "103935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118475"
      },
      {
        "db": "BID",
        "id": "103935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118475"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "BID",
        "id": "103935"
      },
      {
        "date": "2018-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "date": "2018-04-19T20:29:01.707000",
        "db": "NVD",
        "id": "CVE-2018-0273"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-09783"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118475"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "BID",
        "id": "103935"
      },
      {
        "date": "2018-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      },
      {
        "date": "2019-10-09T23:31:37.083000",
        "db": "NVD",
        "id": "CVE-2018-0273"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco StarOS Resource management vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004264"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1086"
      }
    ],
    "trust": 0.6
  }
}

var-201504-0290

Vulnerability from variot

The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. Vendors have confirmed this vulnerability Bug ID CSCut94711 It is released as.Malformed by a third party PM Service disruption via packets ( Reload services and stop call processing ) There is a possibility of being put into a state. The Cisco ASR 5000 Series is a 5000 series wireless controller product from Cisco. StarOS is a virtualized operating system that dynamically allocates resources for mobile services and networks running in the 5000 Series wireless controller products. Successful exploitation of the issue will cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCut94711

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0290",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "cisco",
        "version": "18.1.0.59776"
      },
      {
        "model": "asr 5000 router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr 5500 router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr 5700 router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500018.1.0.59776"
      },
      {
        "model": "asr series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500018.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "BID",
        "id": "74388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:18.1.0.59776:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0711"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "74388"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0711",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-0711",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-02815",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-78657",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0711",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-02815",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-571",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78657",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. Vendors have confirmed this vulnerability Bug ID CSCut94711 It is released as.Malformed by a third party PM Service disruption via packets ( Reload services and stop call processing ) There is a possibility of being put into a state. The Cisco ASR 5000 Series is a 5000 series wireless controller product from Cisco. StarOS is a virtualized operating system that dynamically allocates resources for mobile services and networks running in the 5000 Series wireless controller products. \nSuccessful exploitation of the issue will cause the device to reload, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCut94711",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "BID",
        "id": "74388"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78657"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0711",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1032213",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "74388",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-78657",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78657"
      },
      {
        "db": "BID",
        "id": "74388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ]
  },
  "id": "VAR-201504-0290",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78657"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:20:55.998000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "38557",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38557"
      },
      {
        "title": "Cisco ASR 5000 Series StarOS Denial of Service Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/57892"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0711"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38557"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0711"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032213"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0711"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78657"
      },
      {
        "db": "BID",
        "id": "74388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78657"
      },
      {
        "db": "BID",
        "id": "74388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "date": "2015-04-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78657"
      },
      {
        "date": "2015-04-28T00:00:00",
        "db": "BID",
        "id": "74388"
      },
      {
        "date": "2015-04-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "date": "2015-04-29T01:59:03.183000",
        "db": "NVD",
        "id": "CVE-2015-0711"
      },
      {
        "date": "2015-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "date": "2015-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78657"
      },
      {
        "date": "2015-04-28T00:00:00",
        "db": "BID",
        "id": "74388"
      },
      {
        "date": "2015-04-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002512"
      },
      {
        "date": "2015-09-10T16:07:19.700000",
        "db": "NVD",
        "id": "CVE-2015-0711"
      },
      {
        "date": "2015-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 Series StarOS Denial of Service Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-571"
      }
    ],
    "trust": 0.6
  }
}

var-201707-0436

Vulnerability from variot

A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0. The Cisco ASR5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to long-term evolution. StarOS is a set of Linux operating systems for it. CiscoStarOS for Cisco ASR5000 SeriesRouters has security vulnerabilities in the IPsec component. The IKE message was not processed correctly by the program. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvc21129

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0436",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.0_m0.64246"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.0.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.0_m0.64702"
      },
      {
        "model": "staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "virtualized packet core software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.1"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.1.v0"
      },
      {
        "model": "asr series 21.2.a0.65754",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.1.v0.66014"
      },
      {
        "model": "asr series 21.1.r0.65759",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series 21.1.m0.65749",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series 21.1.b0.66164",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.1.0.66030"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "db": "BID",
        "id": "99218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:staros:21.0_m0.64702:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:staros:21.0_m0.64246:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:staros:21.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3865"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "99218"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-3865",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-3865",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-11550",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-112068",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-3865",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3865",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-11550",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1005",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-112068",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0. The Cisco ASR5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to long-term evolution. StarOS is a set of Linux operating systems for it. CiscoStarOS for Cisco ASR5000 SeriesRouters has security vulnerabilities in the IPsec component. The IKE message was not processed correctly by the program. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCvc21129",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "db": "BID",
        "id": "99218"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112068"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3865",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "99218",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038748",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-112068",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112068"
      },
      {
        "db": "BID",
        "id": "99218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ]
  },
  "id": "VAR-201707-0436",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112068"
      }
    ],
    "trust": 1.34750954
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:20.732000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170621-asr",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-asr"
      },
      {
        "title": "Patch for CiscoStarOSIPsec Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/96506"
      },
      {
        "title": "Cisco ASR 5500 Series routers with Data Processing Card 2 StarOS Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71194"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3865"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-asr"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99218"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038748"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3865"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3865"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-asr"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112068"
      },
      {
        "db": "BID",
        "id": "99218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112068"
      },
      {
        "db": "BID",
        "id": "99218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "date": "2017-07-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112068"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "99218"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "date": "2017-07-04T00:29:00.180000",
        "db": "NVD",
        "id": "CVE-2017-3865"
      },
      {
        "date": "2017-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-11550"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112068"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "99218"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-3865"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 For series router  Cisco StarOS of  IPsec All active in the component  IPsec VPN Vulnerability that terminates the tunnel",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005297"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1005"
      }
    ],
    "trust": 0.6
  }
}

var-201801-1064

Vulnerability from variot

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332. Cisco StarOS The operating system includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCvf93332 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco ASR5000 Seriesrouters is a 5000 series secure router device from Cisco. The Cisco StarOS operating system is a set of virtualized operating systems running on it

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1064",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "staros for asr series routers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.5"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.4"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.3.5"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.3.0.67664"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "db": "BID",
        "id": "102788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0115"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "102788"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0115",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-0115",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-02053",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-118317",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-0115",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0115",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-02053",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-610",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118317",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-0115",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332. Cisco StarOS The operating system includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCvf93332 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco ASR5000 Seriesrouters is a 5000 series secure router device from Cisco. The Cisco StarOS operating system is a set of virtualized operating systems running on it",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "db": "BID",
        "id": "102788"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0115"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0115",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "102788",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1040239",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118317",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0115",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0115"
      },
      {
        "db": "BID",
        "id": "102788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ]
  },
  "id": "VAR-201801-1064",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118317"
      }
    ],
    "trust": 1.4134865099999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:05:35.622000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20180117-staros",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-staros"
      },
      {
        "title": "CiscoStarOS Command Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/114549"
      },
      {
        "title": "Cisco ASR 5000 Series router Cisco StarOS Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77790"
      },
      {
        "title": "Cisco: Cisco StarOS CLI Command Injection Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180117-staros"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0115"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-staros"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/102788"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1040239"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0115"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0115"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0115"
      },
      {
        "db": "BID",
        "id": "102788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118317"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0115"
      },
      {
        "db": "BID",
        "id": "102788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "date": "2018-01-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118317"
      },
      {
        "date": "2018-01-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0115"
      },
      {
        "date": "2018-01-17T00:00:00",
        "db": "BID",
        "id": "102788"
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "date": "2018-01-18T06:29:01.533000",
        "db": "NVD",
        "id": "CVE-2018-0115"
      },
      {
        "date": "2018-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-02053"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118317"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0115"
      },
      {
        "date": "2018-01-17T00:00:00",
        "db": "BID",
        "id": "102788"
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      },
      {
        "date": "2019-10-09T23:31:16.003000",
        "db": "NVD",
        "id": "CVE-2018-0115"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "102788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco StarOS In the operating system  OS Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001703"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-610"
      }
    ],
    "trust": 0.6
  }
}

var-202106-0907

Vulnerability from variot

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco ASR 5000 Series software (StarOS) Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco ASR 5000 is a 5000 series gateway product of Cisco (Cisco)

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0907",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.17.10"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.18.16"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.20.8"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.20.0"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.0"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.16.9"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.n"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.11"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.n7"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.17.0"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.18.0"
      },
      {
        "model": "cisco staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco virtualized packet core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.16.9",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.17.10",
                    "versionStartIncluding": "21.17.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.18.16",
                    "versionStartIncluding": "21.18.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.19.11",
                    "versionStartIncluding": "21.19.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.19.n7",
                    "versionStartIncluding": "21.19.n",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.20.8",
                    "versionStartIncluding": "21.20.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      }
    ]
  },
  "cve": "CVE-2021-1540",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-1540",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-374594",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-1540",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1540",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2021-1540",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-125",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-374594",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-125"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco ASR 5000 Series software (StarOS) Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco ASR 5000 is a 5000 series gateway product of Cisco (Cisco)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-374594"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1540",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060213",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1903",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-125",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-374594",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-125"
      }
    ]
  },
  "id": "VAR-202106-0907",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374594"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:01:10.759000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-asr5k-autho-bypass-mJDF5S7n",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-autho-bypass-mjdf5s7n"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-863",
        "trust": 1.1
      },
      {
        "problemtype": "Bad authentication (CWE-863) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-autho-bypass-mjdf5s7n"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1540"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/cisco-asr-5000-privilege-escalation-via-authorization-bypass-35593"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060213"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1903"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-125"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-374594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-125"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374594"
      },
      {
        "date": "2021-07-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "date": "2021-06-04T17:15:09.917000",
        "db": "NVD",
        "id": "CVE-2021-1540"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-125"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374594"
      },
      {
        "date": "2021-07-06T02:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      },
      {
        "date": "2023-11-07T03:28:34.540000",
        "db": "NVD",
        "id": "CVE-2021-1540"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-125"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-125"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco\u00a0ASR\u00a05000\u00a0 Unauthorized authentication vulnerability in series software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001954"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201803-1596

Vulnerability from variot

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441. Vendors have confirmed this vulnerability Bug ID CSCvg29441 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco ASR5000 Series AggregationServicesRouters is a 5000 series secure router device from Cisco. StarOSoperatingsystem is a set of virtualized operating systems running on it. The CLI is one of the command line interfaces

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1596",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asr 5700",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.3.0.67664"
      },
      {
        "model": "asr 5500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.7.0"
      },
      {
        "model": "asr 5700",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.7.0"
      },
      {
        "model": "asr 5500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.3.0.67664"
      },
      {
        "model": "asr 5000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.7.0"
      },
      {
        "model": "asr 5000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.3.0.67664"
      },
      {
        "model": "asr 5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr 5500",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr 5700",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr series aggregation services routers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.7"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.3.0.67664"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "BID",
        "id": "103346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asr_5000_firmware:21.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asr_5000_firmware:21.3.0.67664:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asr_5700_firmware:21.3.0.67664:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asr_5700_firmware:21.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asr_5500_firmware:21.3.0.67664:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asr_5500_firmware:21.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0217"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "103346"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0217",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-0217",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-06795",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-118419",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-0217",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0217",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06795",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-250",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118419",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-0217",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441. Vendors have confirmed this vulnerability Bug ID CSCvg29441 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco ASR5000 Series AggregationServicesRouters is a 5000 series secure router device from Cisco. StarOSoperatingsystem is a set of virtualized operating systems running on it. The CLI is one of the command line interfaces",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "BID",
        "id": "103346"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0217"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0217",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "103346",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1040466",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118419",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0217",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0217"
      },
      {
        "db": "BID",
        "id": "103346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ]
  },
  "id": "VAR-201803-1596",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118419"
      }
    ],
    "trust": 1.234915075
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:18:59.934000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20180307-staros",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-staros"
      },
      {
        "title": "CiscoASR5000SeriesAggregationServicesRoutersStarOS Operating System CLI Command Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/124233"
      },
      {
        "title": "Cisco: Cisco StarOS CLI Command Injection Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180307-staros"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118419"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0217"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-staros"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/103346"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1040466"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0217"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0217"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0217"
      },
      {
        "db": "BID",
        "id": "103346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0217"
      },
      {
        "db": "BID",
        "id": "103346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "date": "2018-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118419"
      },
      {
        "date": "2018-03-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0217"
      },
      {
        "date": "2018-03-07T00:00:00",
        "db": "BID",
        "id": "103346"
      },
      {
        "date": "2018-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "date": "2018-03-08T07:29:00.957000",
        "db": "NVD",
        "id": "CVE-2018-0217"
      },
      {
        "date": "2018-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "date": "2020-09-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118419"
      },
      {
        "date": "2020-09-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0217"
      },
      {
        "date": "2018-03-07T00:00:00",
        "db": "BID",
        "id": "103346"
      },
      {
        "date": "2018-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002671"
      },
      {
        "date": "2020-09-04T17:58:19.997000",
        "db": "NVD",
        "id": "CVE-2018-0217"
      },
      {
        "date": "2020-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "103346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 Series Aggregation Services Routers StarOS Operating System CLI Command Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-250"
      }
    ],
    "trust": 0.6
  }
}

var-202102-0686

Vulnerability from variot

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device. Cisco StarOS Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Cisco StarOS operating system is an operating system of Cisco in the United States. Provide subscriber management service for mobile packet core network. There is a resource management error vulnerability in the Cisco StarOS operating system, which originates from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0686",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.9.0"
      },
      {
        "model": "staros",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.10"
      },
      {
        "model": "cisco staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco staros",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "21.19.10",
                "versionStartIncluding": "21.9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      }
    ]
  },
  "cve": "CVE-2021-1378",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-1378",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-374432",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-1378",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1378",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2021-1378",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-1275",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-374432",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device. Cisco StarOS Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Cisco StarOS operating system is an operating system of Cisco in the United States. Provide subscriber management service for mobile packet core network. There is a resource management error vulnerability in the Cisco StarOS operating system, which originates from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "db": "VULHUB",
        "id": "VHN-374432"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1378",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0600",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1275",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-374432",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ]
  },
  "id": "VAR-202102-0686",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374432"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:55:43.209000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-StarOS-DoS-RLLvGFJj",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-staros-dos-rllvgfjj"
      },
      {
        "title": "Cisco StarOS operating system Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142816"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "Resource exhaustion (CWE-400) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-staros-dos-rllvgfjj"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1378"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0600"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-374432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1378"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374432"
      },
      {
        "date": "2021-11-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "date": "2021-02-17T17:15:13.583000",
        "db": "NVD",
        "id": "CVE-2021-1378"
      },
      {
        "date": "2021-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374432"
      },
      {
        "date": "2021-11-05T05:16:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      },
      {
        "date": "2023-11-07T03:28:08.503000",
        "db": "NVD",
        "id": "CVE-2021-1378"
      },
      {
        "date": "2021-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco\u00a0StarOS\u00a0 Resource Depletion Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003810"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1275"
      }
    ],
    "trust": 0.6
  }
}

var-201807-0419

Vulnerability from variot

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613. Cisco StarOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvh29613 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco StarOS for ASR 5000 Series Routers is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. production version. Cisco StarOS is one of the virtualized operating systems

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0419",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.4"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.5.7"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.6.4"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.3.15"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.3"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.6"
      },
      {
        "model": "staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.6"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.5"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.4"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.3"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.1"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.6.4"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.5.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0369"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.3.15",
                    "versionStartIncluding": "21.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.6.4",
                    "versionStartIncluding": "21.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.5.7",
                    "versionStartIncluding": "21.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0369"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "104723"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0369",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0369",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-118571",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.6,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0369",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0369",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1219",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118571",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613. Cisco StarOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvh29613 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco StarOS for ASR 5000 Series Routers is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. production version. Cisco StarOS is one of the virtualized operating systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "db": "BID",
        "id": "104723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118571"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0369",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "104723",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1219",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-118571",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118571"
      },
      {
        "db": "BID",
        "id": "104723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ]
  },
  "id": "VAR-201807-0419",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118571"
      }
    ],
    "trust": 0.52697302
  },
  "last_update_date": "2023-12-18T12:50:38.278000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20180711-staros-dos",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180711-staros-dos"
      },
      {
        "title": "Multiple Cisco product Cisco StarOS Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82163"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0369"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180711-staros-dos"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/104723"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0369"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0369"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118571"
      },
      {
        "db": "BID",
        "id": "104723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118571"
      },
      {
        "db": "BID",
        "id": "104723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118571"
      },
      {
        "date": "2018-07-11T00:00:00",
        "db": "BID",
        "id": "104723"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "date": "2018-07-16T17:29:00.487000",
        "db": "NVD",
        "id": "CVE-2018-0369"
      },
      {
        "date": "2018-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118571"
      },
      {
        "date": "2018-07-11T00:00:00",
        "db": "BID",
        "id": "104723"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      },
      {
        "date": "2019-10-09T23:31:54.130000",
        "db": "NVD",
        "id": "CVE-2018-0369"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco StarOS Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008203"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1219"
      }
    ],
    "trust": 0.6
  }
}

var-201803-1602

Vulnerability from variot

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807. Cisco StarOS Contains a command injection vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg38807 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The StarOS operating system is a virtualized operating system running on it. CLI is one of those command line interfaces

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1602",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.5.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.3.0.67664"
      },
      {
        "model": "staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.5"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.3.0.67664"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.3.0.67664:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0224"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "103344"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0224",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-0224",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-118426",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-0224",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0224",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-244",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118426",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807. Cisco StarOS Contains a command injection vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg38807 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The StarOS operating system is a virtualized operating system running on it. CLI is one of those command line interfaces",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0224"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "db": "BID",
        "id": "103344"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118426"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0224",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "103344",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1040466",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-244",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118426",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118426"
      },
      {
        "db": "BID",
        "id": "103344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ]
  },
  "id": "VAR-201803-1602",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118426"
      }
    ],
    "trust": 0.52697302
  },
  "last_update_date": "2023-12-18T12:18:59.903000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20180307-staros1",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-staros1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0224"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-staros1"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/103344"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1040466"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0224"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0224"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118426"
      },
      {
        "db": "BID",
        "id": "103344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118426"
      },
      {
        "db": "BID",
        "id": "103344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118426"
      },
      {
        "date": "2018-03-07T00:00:00",
        "db": "BID",
        "id": "103344"
      },
      {
        "date": "2018-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "date": "2018-03-08T07:29:01.283000",
        "db": "NVD",
        "id": "CVE-2018-0224"
      },
      {
        "date": "2018-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118426"
      },
      {
        "date": "2018-03-07T00:00:00",
        "db": "BID",
        "id": "103344"
      },
      {
        "date": "2018-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      },
      {
        "date": "2020-09-04T18:02:33.960000",
        "db": "NVD",
        "id": "CVE-2018-0224"
      },
      {
        "date": "2020-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "103344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco StarOS Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002595"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-244"
      }
    ],
    "trust": 0.6
  }
}

var-202101-1063

Vulnerability from variot

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device. Cisco StarOS is a set of virtualization operating system of Cisco (Cisco)

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1063",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.22.0"
      },
      {
        "model": "virtualized packet core-single instance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.22.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core-single_instance:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      }
    ]
  },
  "cve": "CVE-2021-1353",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-374407",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-1353",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1353",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2021-1353",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-1526",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-374407",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1353",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374407"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1353"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device. Cisco StarOS is a set of virtualization operating system of Cisco (Cisco)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-374407"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1353"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1353",
        "trust": 1.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0253",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-374407",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1353",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374407"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1353"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ]
  },
  "id": "VAR-202101-1063",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374407"
      }
    ],
    "trust": 0.7999999999999999
  },
  "last_update_date": "2023-12-18T13:18:00.551000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco StarOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139789"
      },
      {
        "title": "Cisco: Cisco StarOS IPv4 Denial of Service Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-asr-mem-leak-dos-mtwghkk3"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-401",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374407"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr-mem-leak-dos-mtwghkk3"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1353"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/cisco-asr-5000-denial-of-service-via-staros-ipv4-34383"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0253/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/401.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195345"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374407"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1353"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-374407"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1353"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374407"
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1353"
      },
      {
        "date": "2021-01-20T20:15:17.533000",
        "db": "NVD",
        "id": "CVE-2021-1353"
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374407"
      },
      {
        "date": "2021-02-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1353"
      },
      {
        "date": "2023-11-07T03:28:04.307000",
        "db": "NVD",
        "id": "CVE-2021-1353"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco StarOS Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1526"
      }
    ],
    "trust": 0.6
  }
}

var-201505-0130

Vulnerability from variot

The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Cisco StarOS is the operating system on its devices. Cisco ASR 5000 Series Software is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCud14217. The following releases are affected: Cisco StarOS Release 12.0, Release 12.2(300), Release 14.0, Release 14.0(600)

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0130",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "cisco",
        "version": "12.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "cisco",
        "version": "14.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "14.0\\(600\\)"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2\\(300\\)"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "cisco",
        "version": "12.2(300)"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "cisco",
        "version": "14.0(600)"
      },
      {
        "model": "asr 5000 router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr 5500 router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr 5700 router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500014.0(600)"
      },
      {
        "model": "asr series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500014.0"
      },
      {
        "model": "asr series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500012.2(300)"
      },
      {
        "model": "asr series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500012.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "db": "BID",
        "id": "74407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:12.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:12.2\\(300\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:14.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:14.0\\(600\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0712"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "74407"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0712",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-0712",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-02849",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-78658",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0712",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-02849",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-002",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78658",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Cisco StarOS is the operating system on its devices. Cisco ASR 5000 Series Software is prone to a remote denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCud14217. The following releases are affected: Cisco StarOS Release 12.0, Release 12.2(300), Release 14.0, Release 14.0(600)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "db": "BID",
        "id": "74407"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78658"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0712",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1032219",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "74407",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-002",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "64328",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-78658",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78658"
      },
      {
        "db": "BID",
        "id": "74407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ]
  },
  "id": "VAR-201505-0130",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78658"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:39:18.270000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "38580",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38580"
      },
      {
        "title": "Patch for Cisco StarOS Session Management Service Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/57984"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0712"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38580"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032219"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0712"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0712"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/64328"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78658"
      },
      {
        "db": "BID",
        "id": "74407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78658"
      },
      {
        "db": "BID",
        "id": "74407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "date": "2015-05-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78658"
      },
      {
        "date": "2015-04-29T00:00:00",
        "db": "BID",
        "id": "74407"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "date": "2015-05-01T10:59:01.153000",
        "db": "NVD",
        "id": "CVE-2015-0712"
      },
      {
        "date": "2015-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02849"
      },
      {
        "date": "2015-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78658"
      },
      {
        "date": "2015-04-29T00:00:00",
        "db": "BID",
        "id": "74407"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      },
      {
        "date": "2015-09-10T16:08:13.947000",
        "db": "NVD",
        "id": "CVE-2015-0712"
      },
      {
        "date": "2015-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 Run on device  StarOS of  session-manager Service disruption in services  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002527"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-002"
      }
    ],
    "trust": 0.6
  }
}

var-201708-1330

Vulnerability from variot

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd47739 It is released as.Information may be tampered with. Cisco ASR5000 Series AggregatedServicesRouters is the ASR5000 series of integrated services router products from Cisco. StarOS is a set of operating systems running on it. This may aid in further attacks

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1330",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.0.v0.65839"
      },
      {
        "model": "asr 5000 series software",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr series aggregated services routers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "500021.0.v0.65839"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.0.v0.65839"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "db": "BID",
        "id": "100386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6774"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco.",
    "sources": [
      {
        "db": "BID",
        "id": "100386"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6774",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6774",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2017-22099",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-114977",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.1,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6774",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6774",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22099",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-788",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114977",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114977"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd47739 It is released as.Information may be tampered with. Cisco ASR5000 Series AggregatedServicesRouters is the ASR5000 series of integrated services router products from Cisco. StarOS is a set of operating systems running on it. This may aid in further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6774"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "db": "BID",
        "id": "100386"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114977"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6774",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "100386",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1039182",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114977",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114977"
      },
      {
        "db": "BID",
        "id": "100386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ]
  },
  "id": "VAR-201708-1330",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114977"
      }
    ],
    "trust": 1.4134865099999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:17.347000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170816-staros2",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-staros2"
      },
      {
        "title": "CiscoASR5000SeriesAggregatedServicesRoutersStarOS Patch for Any File Write Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/100498"
      },
      {
        "title": "Cisco ASR 5000 Series Aggregated Services Routers StarOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74105"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-552",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114977"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6774"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-staros2"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/100386"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039182"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6774"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6774"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114977"
      },
      {
        "db": "BID",
        "id": "100386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114977"
      },
      {
        "db": "BID",
        "id": "100386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114977"
      },
      {
        "date": "2017-08-16T00:00:00",
        "db": "BID",
        "id": "100386"
      },
      {
        "date": "2017-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "date": "2017-08-17T20:29:00.557000",
        "db": "NVD",
        "id": "CVE-2017-6774"
      },
      {
        "date": "2017-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22099"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114977"
      },
      {
        "date": "2017-08-16T00:00:00",
        "db": "BID",
        "id": "100386"
      },
      {
        "date": "2017-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-6774"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 Vulnerabilities related to authorization, authority, and access control in Aggregation Service Router",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007258"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-788"
      }
    ],
    "trust": 0.6
  }
}

var-201906-0295

Vulnerability from variot

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability. Cisco StarOS Contains a vulnerability in uninitialized pointer access.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco StarOS is a router operating system that controls the entire system logic and controls the process and CLI. Cisco StarOS is prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvn06757. Cisco StarOS is a set of virtualization operating system of Cisco (Cisco). Virtualized Packet Core-Distributed Instance (VPC-DI) is a production version of StarOS software deployed on a dedicated hardware platform. The following products and versions are affected: Cisco Virtualized Packet Core-Single Instance (VPC-SI); Virtualized Packet Core-Distributed Instance (VPC-DI)

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0295",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.7"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.10"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.10.2"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.11"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.7.11"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.11.1"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.8.10"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.8"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.9"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.9.7"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.6b.16"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.6.13"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.6b"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.6"
      },
      {
        "model": "staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "21.6.12,\u003c21.6.13"
      },
      {
        "model": "staros \u003e=21.6b.13,\u003c21.6b.16",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "21.7.8,\u003c21.7.11"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "21.8.6,\u003c21.8.10"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "21.9.2,\u003c21.9.7"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "21.10.0,\u003c21.10.2"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "21.11.0,\u003c21.11.1"
      },
      {
        "model": "virtualized packet core-single instance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualized packet core-distributed instance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.11"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.10"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.9.2"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.8.6"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.7.8"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.6.12"
      },
      {
        "model": "staros 21.6b.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.11.1"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.10.2"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.9.7"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.8.10"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.7.11"
      },
      {
        "model": "staros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.6.13"
      },
      {
        "model": "staros 21.6b.16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "db": "BID",
        "id": "108853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.11.1",
                    "versionStartIncluding": "21.11",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.6.13",
                    "versionStartIncluding": "21.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.6b.16",
                    "versionStartIncluding": "21.6b",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.7.11",
                    "versionStartIncluding": "21.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.8.10",
                    "versionStartIncluding": "21.8",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.9.7",
                    "versionStartIncluding": "21.9",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.10.2",
                    "versionStartIncluding": "21.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco.",
    "sources": [
      {
        "db": "BID",
        "id": "108853"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-1869",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-1869",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-18860",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-151061",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-1869",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-1869",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2019-1869",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-18860",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-806",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-151061",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-1869",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151061"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1869"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability. Cisco StarOS Contains a vulnerability in uninitialized pointer access.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco StarOS is a router operating system that controls the entire system logic and controls the process and CLI. Cisco StarOS is  prone to a remote denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCvn06757. Cisco StarOS is a set of virtualization operating system of Cisco (Cisco). Virtualized Packet Core-Distributed Instance (VPC-DI) is a production version of StarOS software deployed on a dedicated hardware platform. The following products and versions are affected: Cisco Virtualized Packet Core-Single Instance (VPC-SI); Virtualized Packet Core-Distributed Instance (VPC-DI)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "db": "BID",
        "id": "108853"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151061"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1869"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-1869",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "108853",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2207",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-151061",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1869",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151061"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1869"
      },
      {
        "db": "BID",
        "id": "108853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ]
  },
  "id": "VAR-201906-0295",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151061"
      }
    ],
    "trust": 1.407142865
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:36:13.063000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20190619-staros-asr-dos",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-staros-asr-dos"
      },
      {
        "title": "Patch for Cisco StarOS Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/164089"
      },
      {
        "title": "Cisco StarOS Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93955"
      },
      {
        "title": "Cisco: Cisco StarOS Denial of Service Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190619-staros-asr-dos"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1869"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-824",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151061"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-staros-asr-dos"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/108853"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1869"
      },
      {
        "trust": 0.9,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1869"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2207/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/824.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151061"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1869"
      },
      {
        "db": "BID",
        "id": "108853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151061"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1869"
      },
      {
        "db": "BID",
        "id": "108853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "date": "2019-06-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151061"
      },
      {
        "date": "2019-06-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-1869"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "BID",
        "id": "108853"
      },
      {
        "date": "2019-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "date": "2019-06-20T03:15:11.993000",
        "db": "NVD",
        "id": "CVE-2019-1869"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-18860"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151061"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-1869"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "BID",
        "id": "108853"
      },
      {
        "date": "2019-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      },
      {
        "date": "2019-10-09T23:48:23.503000",
        "db": "NVD",
        "id": "CVE-2019-1869"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco StarOS Vulnerable to uninitialized pointer access",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005777"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-806"
      }
    ],
    "trust": 0.6
  }
}

var-201706-0558

Vulnerability from variot

A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to the distributed instance (DI) network addresses of both CF instances on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability can be exploited via IPv4 traffic only. Cisco Bug IDs: CSCvc01665 CSCvc35565. Vendors have confirmed this vulnerability Bug ID CSCvc01665 and CSCvc35565 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Virtualized Packet Core (VPC) is a StarOS version classified by product. The following products and versions are affected: Cisco Virtualized Packet Core-Distributed Instance Software Release N5.1, Release N5.0, Release N4.7, Release N4.6, Release N4.5, Release N4.2, Release N4.0

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0558",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v19.3_base"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v21.0_base"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v20.0_base"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v20.2_base"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v20.1_base"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "v19.2_base"
      },
      {
        "model": "virtualized packet core",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n5.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n4.7",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n4.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n4.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n4.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n4.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.1"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "21.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20.2"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20.1"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20.0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.3"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.2"
      },
      {
        "model": "virtualized packet core-distributed instance software n4.7.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n4.2.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-distributed instance software n4.2.6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "db": "BID",
        "id": "99195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v19.2_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v19.3_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v20.2_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v20.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v20.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:v21.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6678"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "99195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6678",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6678",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-16360",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114881",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6678",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6678",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-16360",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-952",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114881",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114881"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to the distributed instance (DI) network addresses of both CF instances on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability can be exploited via IPv4 traffic only. Cisco Bug IDs: CSCvc01665 CSCvc35565. Vendors have confirmed this vulnerability Bug ID CSCvc01665 and CSCvc35565 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Virtualized Packet Core (VPC) is a StarOS version classified by product. The following products and versions are affected: Cisco Virtualized Packet Core-Distributed Instance Software Release N5.1, Release N5.0, Release N4.7, Release N4.6, Release N4.5, Release N4.2, Release N4.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "db": "BID",
        "id": "99195"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114881"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6678",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "99195",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114881",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114881"
      },
      {
        "db": "BID",
        "id": "99195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ]
  },
  "id": "VAR-201706-0558",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114881"
      }
    ],
    "trust": 1.41428573
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:05:45.819000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": " cisco-sa-20170621-vpc",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-vpc"
      },
      {
        "title": "CiscoVirtualizedPacketCore-DistributedInstance denial of service vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/98698"
      },
      {
        "title": "Cisco Virtualized Packet Core-Distributed Instance Software Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74432"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-755",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114881"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6678"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-vpc"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99195"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6678"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6678"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114881"
      },
      {
        "db": "BID",
        "id": "99195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114881"
      },
      {
        "db": "BID",
        "id": "99195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114881"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "99195"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "date": "2017-06-26T07:29:00.247000",
        "db": "NVD",
        "id": "CVE-2017-6678"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-16360"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114881"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "99195"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      },
      {
        "date": "2019-10-09T23:28:55.450000",
        "db": "NVD",
        "id": "CVE-2017-6678"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Virtualized Packet Core-Distributed Instance Software  ingress UDP Vulnerability related to resource management in packet processing function",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005145"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-952"
      }
    ],
    "trust": 0.6
  }
}

var-201707-0901

Vulnerability from variot

A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0. Vendors have confirmed this vulnerability Bug ID CSCvc44968 It is released as.BGP Process reloaded, resulting in service disruption (DoS) There is a possibility of being put into a state. The Cisco ASR5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). A security vulnerability exists in the Cisco ASR5000 Series Router. A remote attacker can cause a denial of service by sending a specific TCP packet to the StarOSBorderGatewayProtocol (BGP) service. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvc44968. StarOS is an operating system used in it

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0901",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.3_base"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.1.0.59776"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "20.0.1.a0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.1_base"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "20.0.1.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.1.0.59780"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "19.6.3"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "19.6_base"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "18.3.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "20.0.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.2.12"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.1_base"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.3.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.0.m0.60737"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.0.2.3.65026"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.0_m0.64246"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.0.m0.61045"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.3.1"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.0.1.v0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.4.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.0.m0.60828"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.7.5"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.0.l0.59219"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.0.0.59211"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.3_base"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.0.v0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.2_base"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.1.0.61559"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.1.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.3.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.0.0.59167"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.2.0.59184"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "16.5.2"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.1.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.2.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.0.2.v1"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.7.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.0.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.0.m0.63229"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.1.v2"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.0.m0.62842"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "18.0.0.57828"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.0.v1"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.0.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.2.0"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.0_base"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.0_m0.64702"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "16.4.1"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.0.2.3"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "19.0.1"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.3.9.62033"
      },
      {
        "model": "asr 5000 software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "16.5.0"
      },
      {
        "model": "asr 5000 series software",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "virtualized packet core software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "db": "BID",
        "id": "100015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:16.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:17.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:17.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:17.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:17.3.9.62033:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:17.3_base:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60737:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.60828:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.2.3.65026:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.2.v1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.m0.62842:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.m0.63229:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.v0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:16.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.59167:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.59211:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.0.l0.59219:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.1.0.59776:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.6_base:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.0.v1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.0_base:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.0_m0.64246:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:17.7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.0.0.57828:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.1_base:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.3_base:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.0.m0.61045:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.1.0.61559:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.1.a0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.1_base:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.2_base:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.0_m0.64702:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:16.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:17.2.0.59184:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:17.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.1.0.59780:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:18.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:19.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.0.1.v0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.1.v2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:20.2.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6729"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "100015"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6729",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6729",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22154",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114932",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6729",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6729",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22154",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-392",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114932",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0. Vendors have confirmed this vulnerability Bug ID CSCvc44968 It is released as.BGP Process reloaded, resulting in service disruption (DoS) There is a possibility of being put into a state. The Cisco ASR5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). A security vulnerability exists in the Cisco ASR5000 Series Router. A remote attacker can cause a denial of service by sending a specific TCP packet to the StarOSBorderGatewayProtocol (BGP) service. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCvc44968. StarOS is an operating system used in it",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "db": "BID",
        "id": "100015"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114932"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6729",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "100015",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1038819",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114932",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114932"
      },
      {
        "db": "BID",
        "id": "100015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ]
  },
  "id": "VAR-201707-0901",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114932"
      }
    ],
    "trust": 1.24681986
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:19.122000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170705-staros",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-staros"
      },
      {
        "title": "Patch for CiscoASR5500 SeriesRouters Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/100513"
      },
      {
        "title": "Cisco ASR 5000 Series Routers  and Cisco Virtualized Packet Core Software Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71590"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6729"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-staros"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/100015"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038819"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6729"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6729"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id/1038819"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114932"
      },
      {
        "db": "BID",
        "id": "100015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114932"
      },
      {
        "db": "BID",
        "id": "100015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114932"
      },
      {
        "date": "2017-07-28T00:00:00",
        "db": "BID",
        "id": "100015"
      },
      {
        "date": "2017-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "date": "2017-07-10T20:29:00.547000",
        "db": "NVD",
        "id": "CVE-2017-6729"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22154"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114932"
      },
      {
        "date": "2017-07-28T00:00:00",
        "db": "BID",
        "id": "100015"
      },
      {
        "date": "2017-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-6729"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 For series router  Cisco StarOS and  VPC Software  BGP In processing functions  BGP Process reload vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005624"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-392"
      }
    ],
    "trust": 0.6
  }
}

var-201308-0052

Vulnerability from variot

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795. Open Shortest Path First (OSPF) The protocol specifications include: Link State Advertisement (LSA) There is a problem with the identification of. OSPF Specified in the protocol LSA Is LS Type , Advertising Router and Link State ID is included. OSPF In the provisions of router-LSA of Link State ID When Advertising Router Are supposed to be set to the same value. These two values are different, crafted router-LSA The contents of the routing table may be altered by receiving.The expected impact varies depending on each product and implementation. (DoS) An attacker may be able to attack you or direct network traffic to another router. OSPF is a routing protocol defined by RFC 2328 and is designed to manage IP routes in an AS. OSPF packets use the 89 IP protocol number. A vulnerability exists in the related OSPF routing protocol LSA database. Several Cisco products are affected by this vulnerability. This vulnerability allows unverified attackers to fully control the OSPF AS domain routing table, discard blackhole traffic, and intercept communications, which can lead to denial of service attacks. An attacker can inject a specially crafted OSPF packet to trigger the vulnerability. Successful exploitation of the vulnerability can \"clean\" the routing table on the target router and propagate the specially crafted OSPF LSA type 1 update to the entire OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters in the LSA data on the target router. This vulnerability can only be triggered by sending a specially crafted unicast or multicast LSA type 1 message. The other LSA type packets cannot trigger the vulnerability. The OSPFv3 and Fabric Shortest Path First (FSPF) protocols do not affect this vulnerability. This may aid in further attacks. IOS, IOS-XE, and NX-OS are all operating systems developed for their network devices. Both ASA and FWSM are firewall devices. The following products and versions are affected: Cisco IOS Releases 12.0 to 12.4 and 15.0 to 15.3, IOS-XE Releases 2.x to 3.9.xS, ASA and PIX Releases 7.x to 9.1, FWSM, NX-OS, StarOS 14.0. Versions prior to 50488

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0052",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios 12.0",
        "scope": null,
        "trust": 6.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 w5",
        "scope": null,
        "trust": 5.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s",
        "scope": null,
        "trust": 5.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1",
        "scope": null,
        "trust": 3.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s1",
        "scope": null,
        "trust": 3.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 3.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s6",
        "scope": null,
        "trust": 3.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e1",
        "scope": null,
        "trust": 2.7,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s5",
        "scope": null,
        "trust": 2.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s3",
        "scope": null,
        "trust": 2.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s4",
        "scope": null,
        "trust": 2.1,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1",
        "scope": null,
        "trust": 2.1,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ex",
        "scope": null,
        "trust": 2.1,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e3",
        "scope": null,
        "trust": 1.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s8",
        "scope": null,
        "trust": 1.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s7",
        "scope": null,
        "trust": 1.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1a",
        "scope": null,
        "trust": 1.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 t",
        "scope": null,
        "trust": 1.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 st",
        "scope": null,
        "trust": 1.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e4",
        "scope": null,
        "trust": 1.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1\\(9\\)ex"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1cx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1\\(8\\)ea"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1aa"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1az"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1ax"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1da"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1\\(8a\\)ex"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1\\(9\\)ea"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1ay"
      },
      {
        "model": "ios 12.0 xe",
        "scope": null,
        "trust": 1.5,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s2",
        "scope": null,
        "trust": 1.5,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall services module",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "12.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.2.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "12.0xv"
      },
      {
        "model": "ios 12.1 dc2",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ec",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 t",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e7",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ew",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10.5\\)ec"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1yh"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)ew3"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8a\\)ew"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1yj"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(32\\)s13"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)xn"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7a\\)ey3"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.3.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)s3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(11a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xz"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.2s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)ec"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(6\\)ey"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12c\\)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.3.2s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(6\\)ez1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xd"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xa"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xj"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)xk"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(23\\)sx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0wt"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(28\\)w5-32a"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)xb"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(2\\)xg"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc2b"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)st6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)xa3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(2\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(32\\)s12"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)sl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(22\\)sy"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(30\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5.3\\)wc1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ew"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0sv"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.2s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)st"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)xe2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)sl"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20\\)st2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(12\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)s6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1yb"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.0sg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1gb"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(18\\)s7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(10\\)s7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(15\\)s6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8b\\)e20"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7a\\)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.2s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(2\\)xf"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8\\)ea1b"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(14\\)e4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xm"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e17"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(18b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0sl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0wx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20\\)sp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)xn1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10\\)e4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1yc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(3\\)t2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(9\\)s8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(26\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(12\\)s4"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.00.xo.15.0\\(2\\)xo"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(26\\)s6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(6.5\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(11\\)st4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20\\)w5\\(22b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)xv"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)e2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16a\\)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.1s"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.5s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(15a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(14\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(14\\)e10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xv"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xt"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12c\\)e7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)st5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xh"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1.3\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(10\\)w5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)e3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(14\\)ea1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ec"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)s4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(30\\)s4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)eo"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20.4\\)sp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19.3\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8b\\)e8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)s4a"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(28c\\)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.1t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(3.4\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(22\\)s4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e14"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20\\)sx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1\\)e5"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.4sg"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(25\\)w5-27d"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20\\)sp1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)xf1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(18\\)s5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(26\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(12a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11\\)ea1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0sc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(14.5\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1yd"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8b\\)e14"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1\\)db2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1eo"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8c\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xt"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xb"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(27\\)sv"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc3b"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)e5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xy"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.3sg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(2\\)e1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0sx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)st"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7\\)da2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(10\\)w5\\(18f\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)ea1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(22\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)t2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(24\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1c\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)t2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0dc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1yf"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(25\\)w5\\(27c\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10\\)ey"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)ea1c"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7\\)ec"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(2\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xr"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12c\\)ev01"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13.4\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ey"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(9\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1\\)dc2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8\\)ea2b"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(6\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8b\\)e9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)e1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8b\\)ex4"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12b\\)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.5.2"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(4\\)xm1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)w"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8b\\)e16"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(6.5\\)ec3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8a\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)t3"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.3.1s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xe"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0db"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(33\\)s4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(24\\)s5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5.4\\)wc1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)sc3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xu"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(4\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)yb4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(6b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(9a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0st"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1yi"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.1sg"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.2s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10a\\)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.2sg"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(8.0.2\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16.06\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)st7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8\\)aa1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(27\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xm"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)s8"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.0s"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.6.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.4s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1x\\(l\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)st8"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.1s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(28\\)w5-30b"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5.2\\)xu"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)xf"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)sl2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(2\\)xf5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1a\\)t1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(6a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ea1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)xs"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(15\\)sl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(23\\)s6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(2b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(9\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(2\\)xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(9a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8b\\)e18"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc5a"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)xk2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(31\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(28\\)w5\\(31a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(16\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ea"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)s2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(4\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xc"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.1s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xr"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(3.6\\)w5\\(9.0.5\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(15\\)s3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(3d\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(14\\)w5\\(20\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(4\\)xe1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(26\\)w5\\(28\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xf"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(10\\)s8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(4\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)ex2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(3.3\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(11\\)s6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0sp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(15\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ev"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ew2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(28d\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)t1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11\\)ec"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xb"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)xu"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)sp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(25\\)w5\\(27\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20\\)st6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5a\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1eb"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(8\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(18\\)st1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.7.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(18\\)sl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(3.2\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)xk2"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.1s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)fc1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ew"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(9\\)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.3s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xi"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)sl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(2\\)xf"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1\\)ex"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xw"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(24\\)s6"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.1s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(28\\)s5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)s5a"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(14\\)e1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ex"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ew1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.3s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(6\\)ea2c"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ec2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11.5\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(32\\)sy9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)ew"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(13\\)s8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(13a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e13"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(27\\)sv1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(32\\)sy8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(9\\)aa"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.xs"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(26\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(9\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)sl4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)s4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(14\\)s7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(14\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(8\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0da"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(10\\)w5\\(18g\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(23\\)s3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(30\\)s2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)st2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xq"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12c\\)ew4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1dc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)s7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(23\\)s5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)st"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12c\\)ec"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.3.3s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(8.3\\)sc"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.1sg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(22\\)s5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(12\\)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.0sg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(9\\)ex3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20\\)sl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(27\\)sv2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)s7"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.4s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e12"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xk"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(13\\)wt6\\(1\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xn"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0w"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1eu"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)st6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(33\\)s3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(8a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)e1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(05\\)wc8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(27\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)sl9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(24.2\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc11"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(26\\)w5\\(28a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(15\\)sc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xf"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10\\)ec1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.3.0sg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)sx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(2\\)xc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8b\\)e15"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)eo1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.0as"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ye"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.0xo"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(9\\)e3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xs"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(13\\)w5\\(19c\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)st1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)e"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0wc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)dc1"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.xs"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(15\\)bc1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(19\\)s2a"
      },
      {
        "model": "fwsm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0sz"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)xk"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(31\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(28\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10\\)ec"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.0"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(27\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ec"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(14\\)eb"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(10a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xa"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)s"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.7.1s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)ew4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc9a"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(12\\)s3"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.3.1sg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)sc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(10\\)s3b"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5.1\\)xp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0w5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xk"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)eo3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7\\)cx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7.4\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(8a\\)ew1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xw"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10\\)aa"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(4\\)xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ea1a"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(14a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xi"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(4\\)xm"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(18\\)s5a"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(18\\)w5\\(22b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(24\\)s4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(26\\)s2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(18.4\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)db2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(24\\)s2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(14\\)st"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(23\\)s4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ga"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ew4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(2a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e12"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)sc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1\\)dc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)ec1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xh"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)s8a"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(23\\)s2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)sl6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1\\)db"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)ay"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)ew"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(2\\)xd"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xx"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.0\\(2\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ez"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1db"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xj"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(1\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(28\\)s3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(14\\)st3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7a\\)e6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(18\\)s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(21\\)st"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ya"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(2\\)xf4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(15\\)s7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)wc13"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "14.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(17\\)st1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xq"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(20\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(13\\)s6"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(10\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)w5\\(21\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(25\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7a\\)ey"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.9.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(6\\)ez2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)wx5\\(15a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(25.4\\)s1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(14\\)e9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1m"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(7\\)xk3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(23\\)sz"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(3\\)xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xs"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0ev"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(16\\)s10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1sec"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xu"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)e6"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.5.0"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.2s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xd"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(20\\)st7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0sy"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(10\\)ex"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(3\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(7\\)da3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(18\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(5\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(14\\)s8"
      },
      {
        "model": "ios 12.1 e8",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e2",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 dc",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 st6",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 db",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ew1",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ew4",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 db1",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1c",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sx",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 st1",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e5",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ey",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ew2",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "brocade",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "enterasys",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "extreme",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vyatta",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "yamaha",
        "version": null
      },
      {
        "model": "asa 5500 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.x to  9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.0 to  12.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "15.0 to  15.3"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.x to  3.9.xs"
      },
      {
        "model": "nx-os",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.x to  9.1"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "14.0.50488"
      },
      {
        "model": "nx-os software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asr",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "ios software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios-xe software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asa service module",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "pix firewall",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 st7",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 t7",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xk1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e14",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 eb2",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 t1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ec1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s5a",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 db2",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e12",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 4.1 n2",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xt2",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 t3",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xe1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xs",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xe?",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s10",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xm4",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e6",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xu",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 t2",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 dc1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e9",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 st2",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xk2",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1b",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sc",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e10",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc9",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 eb",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 db",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sy",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xk",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "12.0.7"
      },
      {
        "model": "ios 12.1 t1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.0 m5a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc 2900xl-lre",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 e",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc10",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc17",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "ios 12.1 ea4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xk3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(24)"
      },
      {
        "model": "ios 12.1 ea9",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xf4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(21)"
      },
      {
        "model": "ios 12.0xf",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(28)"
      },
      {
        "model": "ios 12.0xm",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(1)"
      },
      {
        "model": "ios 12.1 ea7",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe 3.1xsg",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sy7",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 bc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s4a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xw",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(20)"
      },
      {
        "model": "ios 15.1 m1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc13",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 eo1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 dc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sv2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s8a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xr",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sy3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(18)"
      },
      {
        "model": "ios 12.0 xn",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e17",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sy11",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(13)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(16)"
      },
      {
        "model": "ios 12.0wc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xk",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea6",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0sv",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 t10",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 eb1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(25)"
      },
      {
        "model": "ios 12.1 ea1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.2"
      },
      {
        "model": "ios 12.0 xs?",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.1"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(0.54)"
      },
      {
        "model": "ios 12.1 ea11",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(2)"
      },
      {
        "model": "ios 12.0 sz10",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(14)"
      },
      {
        "model": "ios 12.1 ea10b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "ios 12.0 sy9a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xf",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "ios 12.0xq",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xi",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xh",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(14)"
      },
      {
        "model": "ios 12.0 wc3b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(11)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.1"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.19"
      },
      {
        "model": "ios 12.0 xm1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(18.4)"
      },
      {
        "model": "ios 12.0da",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.6"
      },
      {
        "model": "ios 12.0 wc16",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sy9b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 5.0 u2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xj",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 4.2 sv1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xe2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.4"
      },
      {
        "model": "ios 12.0xt",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0st",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xf",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sp",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1.1)"
      },
      {
        "model": "ios s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.4"
      },
      {
        "model": "ios 12.0 s9",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xu",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xi2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0w5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xa3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ec2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(17)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(25)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.5"
      },
      {
        "model": "ios 12.0 yb4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe 3.1.xs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(8)"
      },
      {
        "model": "ios 12.0 wc8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 5.1 n1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(7)"
      },
      {
        "model": "ios 12.1 ea13",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 eo6",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios t2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.3"
      },
      {
        "model": "ios 12.1 xp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 eo3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 5.0 n2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 t4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.2"
      },
      {
        "model": "ios 12.0xn",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s12",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe 3.2.0sg",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.2"
      },
      {
        "model": "ios 12.1 da1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 m3a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xi8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.2"
      },
      {
        "model": "ios 12.0 st4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xi",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(13)"
      },
      {
        "model": "ios 12.1 ev3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.1 t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xp",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sz",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xj5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ew3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios w",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(5)xv3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(20)"
      },
      {
        "model": "ios 12.1 ex2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sv",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xf5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 yj3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(11.1)"
      },
      {
        "model": "ios 12.0 xf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0sp",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xq",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc14",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xe",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 w5-30b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xr",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s15",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(5)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(22)"
      },
      {
        "model": "ios 12.0 sy8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.0 m1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "ios 12.0 sy4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xm",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 t6",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.5"
      },
      {
        "model": "ios 12.0 sy5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xp",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0wx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xd",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.0 m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea14",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xw",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(27)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(6)"
      },
      {
        "model": "ios 12.1 xt",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(5)xv1"
      },
      {
        "model": "ios xb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.1"
      },
      {
        "model": "ios 12.1 t8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(3)"
      },
      {
        "model": "ios 12.0 st5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xg",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(3)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1.2)"
      },
      {
        "model": "ios 12.1 xg5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 fc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.1"
      },
      {
        "model": "ios 15.0 m8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 t17",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xp",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(5)"
      },
      {
        "model": "ios 12.0 wc5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(3)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(7)xv"
      },
      {
        "model": "ios 12.0 wc4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xl",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "ios 12.0 t8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 4.0 n2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0ev",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ay",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(21)"
      },
      {
        "model": "ios 12.0y",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0sl",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 eo",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(27)"
      },
      {
        "model": "ios 12.0 sv1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xu1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 aa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(5)xv"
      },
      {
        "model": "ios 15.1 m2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc15",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea5a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xa3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.1"
      },
      {
        "model": "ios 15.1 m3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2 t1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 st8",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xl2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(5)xv5"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(4)"
      },
      {
        "model": "ios 12.1 ax",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0sz",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xz7",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea12",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sl2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "ios 12.1 ea4a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e15",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sy10",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s3b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(4)"
      },
      {
        "model": "ios 12.0sc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.1"
      },
      {
        "model": "nx-os 5.0 n1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(2)"
      },
      {
        "model": "ios 12.1 t12",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(19)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(3.2)"
      },
      {
        "model": "nx-os 5.0 u1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xt3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea10a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0w",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wt6",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ios xd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.2"
      },
      {
        "model": "ios 12.0 sfx4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sl6",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(20.3)"
      },
      {
        "model": "ios 12.0 xn1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 s11",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(15)"
      },
      {
        "model": "ios 15.2 t2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 t9",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xi4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 da3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(16)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1(1.7)"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ios xe 3.3.xs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wc7",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 w5-32a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sz4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(12)"
      },
      {
        "model": "ios 12.0 w5-27d",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0wt",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1(1)"
      },
      {
        "model": "ios 15.0 m7",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sl9",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ev01",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 4.2 n2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "ios 12.1 xz",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(4)"
      },
      {
        "model": "ios 12.0 wc2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 xm",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(19)"
      },
      {
        "model": "ios 12.0 s14",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(5)xv4"
      },
      {
        "model": "ios xe 3.6.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e13",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xs2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "ios 12.1 t15",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sl1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe 3.5.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(17)"
      },
      {
        "model": "ios 12.0t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xm7",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.0 m2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "ios 12.0 wc5a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.0 m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 15.2 t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "ios 12.0 db2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 xm6",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(26)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.3"
      },
      {
        "model": "ios 12.1 ea8a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe 3.4.2s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ios 12.0 wc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(5)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(10)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(9)"
      },
      {
        "model": "ios 12.1 t5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 st3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 sl4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0db",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0 wx5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ay1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1(2)"
      },
      {
        "model": "ios xe 3.5.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0(12)"
      },
      {
        "model": "ios 12.0dc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea10",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0sx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#229804"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "db": "BID",
        "id": "61566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-057"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18g\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(14\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(12a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(1\\)w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(11\\)st4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(14\\)w5\\(20\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(13a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)s8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(15\\)s6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16.06\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)st:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(05\\)wc8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18f\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(10\\)s8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(1\\)xa3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(13\\)w5\\(19c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(14\\)st:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(14a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)s10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)sc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(15\\)s7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)w5\\(21\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(18\\)s7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(18\\)s5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)sl4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)s4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20\\)sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20\\)st2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(18\\)sl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(15\\)sc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(4\\)t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20.4\\)sp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(22\\)s5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(22\\)s4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)sz:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)sx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(25\\)w5-27d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(25\\)w5\\(27c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(28c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(28\\)s3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\)sv1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(26\\)w5\\(28a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(3d\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(3.2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(3.6\\)w5\\(9.0.5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc3b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(32\\)sy9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xd:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xf:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(10a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(11\\)s6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(13\\)s6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(11a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(1\\)xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(13\\)wt6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(14\\)s8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(15\\)s3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(10\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)st1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)st8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(18b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)st6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)st2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20\\)sx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20\\)w5\\(22b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20\\)sp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)sl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)t1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)t2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)sx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)st7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(24.2\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(28\\)w5-32a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(28\\)s5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\)sv:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(30\\)s2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(30\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(2a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(3\\)xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(4\\)xe1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(33\\)s4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(33\\)s3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(32\\)s13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(8\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xk:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xr:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0w5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0sz:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0sy:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)db2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xu:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xs:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7.4\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)t3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xf1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(8.3\\)sc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(9\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1\\)e5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10\\)ey:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10\\)ex:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)s7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(18\\)s5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(18\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)s2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)s2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20\\)st6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20\\)st7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)sc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)sp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(4\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(3\\)t2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)st6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)st:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(22\\)sy:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(25\\)w5\\(27\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(25\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(28d\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(28\\)w5-30b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\)sv2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(31\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(4\\)xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(3.4\\)t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(2b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(32\\)s12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(32\\)sy8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0db:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5.1\\)xp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xs:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xt:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xq:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0wx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)dc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)yb4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xv:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)t2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0sv:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(8a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1\\)t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10\\)aa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ec1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ea1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ea1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(2\\)xf5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(2\\)xf4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(14\\)eb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10.5\\)ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)ew3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(14\\)e1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(14\\)e10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12c\\)ev01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12c\\)ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0dc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xn:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xu:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xv:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0wt:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0wc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xf:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0sp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5.4\\)wc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)sc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5.3\\)wc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5.2\\)xu:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(8.0.2\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)wx5\\(15a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xf:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0ev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1.3\\)t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1\\)db2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1\\)db:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10\\)e4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(14.5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ec2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19.3\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)fc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(15\\)bc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10\\)ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ex2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13.4\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12c\\)e7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)ea1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(6\\)ez1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(6\\)ez2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(6.5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7\\)ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7a\\)e6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8a\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1sec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xk:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(9\\)aa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8a\\)ex:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ax:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ey:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ez:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1eu:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xz:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ya:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1yj:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)eo1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)eo3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(2\\)xf:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(2\\)e1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)ew:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1\\)ex:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(14\\)e4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ea1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12c\\)ew4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(16\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(2\\)t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7\\)cx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8a\\)ew:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)ex4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(6\\)ey:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(9\\)ex3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(9\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(9\\)ea:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ay:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1da:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1eb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xq:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xf:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1yd:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ye:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xw:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xt:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(12\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(6.5\\)ec3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(6a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7a\\)ey:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7a\\)ey3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8\\)ea2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8a\\)ew1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(9a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1dc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1db:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1aa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1az:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ga:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1gb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ew:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xs:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xr:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xh:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1yf:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1yh:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xy:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xv:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(15\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(1\\)st:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(1\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(10\\)s3b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(10\\)s7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(1\\)xb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(13\\)s8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(12\\)s3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(12\\)s4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(14\\)st3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(14\\)s7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16\\)s8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(15a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(12\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)s4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(16a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)st1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)st5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(18\\)w5\\(22b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(18\\)st1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(19\\)st:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(15\\)sl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(20\\)sl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s4a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(22\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(21\\)sl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(26\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(25.4\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(28\\)w5\\(31a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(28\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(27\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(26\\)w5\\(28\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(31\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(30\\)s4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(3.3\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(4\\)xm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(4\\)xm1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0da:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(6\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(9\\)s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xw:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xi:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc9a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xd:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0sc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(6b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5a\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xn1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xn:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(8\\)s1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xe2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(9a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0\\(9\\)s8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1\\)dc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1\\)dc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10\\)ec1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(14\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11.5\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(10\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(1a\\)t1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(18.4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ew4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(14\\)e9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(14\\)ea1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ea1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ew:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ay:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(18\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)eo:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7\\)da2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(7\\)da3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8\\)aa1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8\\)ea1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(6\\)ea2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1x\\(l\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(9\\)e3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(9\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(8\\)ea:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(9\\)ex:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1cx:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ex:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1eo:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xd:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1yb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1yc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xu:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1yi:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.7.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.4s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.5.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.6.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.4.5s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.1sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.3.1sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.4.xs:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.6.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.4.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.5.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.4.0as:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.4.2s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.3sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.4sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.00.xo.15.0\\(2\\)xo:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.9.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.4.4s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.2s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.4.3s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.5.2s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.0sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.0sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.3.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.0xo:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.3.0sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:2.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.7.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.3s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.6.2s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.2s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.4.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.3.2s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.3.3s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.1sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.5.xs:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.2.2sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.3.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:8.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:staros:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:fwsm:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-0149"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. Gabi Nakibly from Rafael Advanced Defense Systems as joint work he conducted with Eitan Menahem, Yuval Elovici and Ariel Waizel of Telekom Innovation Laboratories at Ben Gurion University",
    "sources": [
      {
        "db": "BID",
        "id": "61566"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-0149",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "availabilityRequirement": "HIGH",
            "baseScore": 5.4,
            "collateralDamagePotential": "MEDIUM-HIGH",
            "confidentialityImpact": "PARTIAL",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 5.1,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 5.5,
            "id": "CVE-2013-0149",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "MEDIUM",
            "targetDistribution": "MEDIUM",
            "trust": 0.8,
            "userInterationRequired": null,
            "vector_string": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-0149",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-11490",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-60151",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-0149",
            "trust": 2.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-11490",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-057",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-60151",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#229804"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "db": "VULHUB",
        "id": "VHN-60151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-057"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795. Open Shortest Path First (OSPF) The protocol specifications include: Link State Advertisement (LSA) There is a problem with the identification of. OSPF Specified in the protocol LSA Is LS Type , Advertising Router and Link State ID is included. OSPF In the provisions of router-LSA of Link State ID When Advertising Router Are supposed to be set to the same value. These two values are different, crafted router-LSA The contents of the routing table may be altered by receiving.The expected impact varies depending on each product and implementation. (DoS) An attacker may be able to attack you or direct network traffic to another router. OSPF is a routing protocol defined by RFC 2328 and is designed to manage IP routes in an AS. OSPF packets use the 89 IP protocol number. A vulnerability exists in the related OSPF routing protocol LSA database. Several Cisco products are affected by this vulnerability. This vulnerability allows unverified attackers to fully control the OSPF AS domain routing table, discard blackhole traffic, and intercept communications, which can lead to denial of service attacks. An attacker can inject a specially crafted OSPF packet to trigger the vulnerability. Successful exploitation of the vulnerability can \\\"clean\\\" the routing table on the target router and propagate the specially crafted OSPF LSA type 1 update to the entire OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters in the LSA data on the target router. This vulnerability can only be triggered by sending a specially crafted unicast or multicast LSA type 1 message. The other LSA type packets cannot trigger the vulnerability. The OSPFv3 and Fabric Shortest Path First (FSPF) protocols do not affect this vulnerability. This may aid in further attacks. IOS, IOS-XE, and NX-OS are all operating systems developed for their network devices. Both ASA and FWSM are firewall devices. The following products and versions are affected: Cisco IOS Releases 12.0 to 12.4 and 15.0 to 15.3, IOS-XE Releases 2.x to 3.9.xS, ASA and PIX Releases 7.x to 9.1, FWSM, NX-OS, StarOS 14.0. Versions prior to 50488",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-0149"
      },
      {
        "db": "CERT/CC",
        "id": "VU#229804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "db": "BID",
        "id": "61566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-60151"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-0149",
        "trust": 4.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#229804",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "61566",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU96465452",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003639",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-057",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20130801 OSPF LSA MANIPULATION VULNERABILITY IN MULTIPLE CISCO PRODUCTS",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-60151",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#229804"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "db": "VULHUB",
        "id": "VHN-60151"
      },
      {
        "db": "BID",
        "id": "61566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-057"
      }
    ]
  },
  "id": "VAR-201308-0052",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "db": "VULHUB",
        "id": "VHN-60151"
      }
    ],
    "trust": 1.3929784875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:08:53.471000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "29974",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewambalert.x?alertid=29974"
      },
      {
        "title": "OSPF LSA Manipulation Vulnerability in Multiple Cisco Products  (cisco-sa-20130801-lsaospf)",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130801-lsaospf"
      },
      {
        "title": "2013-07 Out of Cycle Security Bulletin: Multiple products: OSPF protocol vulnerability (CVE-2013-0149)",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10582"
      },
      {
        "title": "NV13-006",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv13-006.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2013",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2013 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013verbose-1899842.html"
      },
      {
        "title": "RFC\u306e\u8a18\u8ff0\u306e\u4e0d\u6574\u5408\u3092\u8d77\u56e0\u3068\u3059\u308bOSPFv2\u306e\u8106\u5f31\u6027(VU#229804)\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/vu96465452.html"
      },
      {
        "title": "October 2013 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2013_critical_patch_update"
      },
      {
        "title": "30210",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30210"
      },
      {
        "title": "OSPF LSA Manipulation Vulnerability in Multiple Cisco Products  (cisco-sa-20130801-lsaospf)",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/111/1119/1119243_cisco-sa-20130801-lsaospf-j.html"
      },
      {
        "title": "Multiple Cisco product remote security bypass vulnerability patches",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/38006"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-0149"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130801-lsaospf"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/229804"
      },
      {
        "trust": 1.6,
        "url": "http://tools.ietf.org/html/rfc2328"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/open_shortest_path_first"
      },
      {
        "trust": 0.8,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk94490"
      },
      {
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30210"
      },
      {
        "trust": 0.8,
        "url": "https://cp-enterasys.kb.net/article.aspx?article=15134\u0026p=1"
      },
      {
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1019716"
      },
      {
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10582\u0026cat=sirt_1\u0026actp="
      },
      {
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv13-006.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/vu96465452.html"
      },
      {
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb79309\u0026actp=list"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0149"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu96465452/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0149"
      },
      {
        "trust": 0.6,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscug34485"
      },
      {
        "trust": 0.6,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscug34469"
      },
      {
        "trust": 0.6,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscug39762"
      },
      {
        "trust": 0.6,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscug63304"
      },
      {
        "trust": 0.6,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscug39795"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#229804"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "db": "VULHUB",
        "id": "VHN-60151"
      },
      {
        "db": "BID",
        "id": "61566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-057"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#229804"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "db": "VULHUB",
        "id": "VHN-60151"
      },
      {
        "db": "BID",
        "id": "61566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-057"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#229804"
      },
      {
        "date": "2013-08-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "date": "2013-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-60151"
      },
      {
        "date": "2013-08-01T00:00:00",
        "db": "BID",
        "id": "61566"
      },
      {
        "date": "2013-08-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      },
      {
        "date": "2013-08-05T13:22:47.847000",
        "db": "NVD",
        "id": "CVE-2013-0149"
      },
      {
        "date": "2013-08-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-057"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#229804"
      },
      {
        "date": "2013-08-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11490"
      },
      {
        "date": "2013-08-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-60151"
      },
      {
        "date": "2014-08-05T00:29:00",
        "db": "BID",
        "id": "61566"
      },
      {
        "date": "2013-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003639"
      },
      {
        "date": "2013-08-13T17:18:34.893000",
        "db": "NVD",
        "id": "CVE-2013-0149"
      },
      {
        "date": "2013-08-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-057"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-057"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#229804"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "61566"
      }
    ],
    "trust": 0.3
  }
}

var-201804-1017

Vulnerability from variot

A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385. Cisco StarOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvf32385 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco AggregationServicesRouter (ASR) 5000SeriesRouters is a 5000 series of secure router devices. VirtualizedPacketCore (VPC) SystemSoftware is a commercial version of the StarOS software deployed on a dedicated hardware platform. StarOS is a set of operating systems used in it

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1017",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.0.v4"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.1.v6"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.3.1"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.0.v0.65819"
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.4.0"
      },
      {
        "model": "staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aggregation services router series",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5700"
      },
      {
        "model": "virtualized packet core-distributed instance system software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualized packet core-single instance system software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.4"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.3.1"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.1.v6"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.0.v4"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.0.v0.65819"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "db": "BID",
        "id": "103923"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.0.v0.65819:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.0.v4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.1.v6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0239"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "103923"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0239",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0239",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-09782",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-118441",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0239",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0239",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-09782",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-1103",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118441",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385. Cisco StarOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvf32385 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco AggregationServicesRouter (ASR) 5000SeriesRouters is a 5000 series of secure router devices. VirtualizedPacketCore (VPC) SystemSoftware is a commercial version of the StarOS software deployed on a dedicated hardware platform. StarOS is a set of operating systems used in it",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "db": "BID",
        "id": "103923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118441"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0239",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "103923",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1040720",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1103",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118441",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118441"
      },
      {
        "db": "BID",
        "id": "103923"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ]
  },
  "id": "VAR-201804-1017",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118441"
      }
    ],
    "trust": 1.3686480125
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:52:42.285000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20180418-staros",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-staros"
      },
      {
        "title": "Cisco ASR5700 Series Routers Enter Patches for Validation Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/129537"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0239"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/103923"
      },
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-staros"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1040720"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0239"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0239"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118441"
      },
      {
        "db": "BID",
        "id": "103923"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118441"
      },
      {
        "db": "BID",
        "id": "103923"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118441"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "BID",
        "id": "103923"
      },
      {
        "date": "2018-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "date": "2018-04-19T20:29:00.770000",
        "db": "NVD",
        "id": "CVE-2018-0239"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-09782"
      },
      {
        "date": "2020-09-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118441"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "BID",
        "id": "103923"
      },
      {
        "date": "2018-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      },
      {
        "date": "2020-09-04T18:28:13.173000",
        "db": "NVD",
        "id": "CVE-2018-0239"
      },
      {
        "date": "2020-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco StarOS Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004347"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1103"
      }
    ],
    "trust": 0.6
  }
}

var-201802-0591

Vulnerability from variot

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335. Vendors have confirmed this vulnerability Bug ID CSCvf93335 It is released as.Information may be tampered with

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0591",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.3.0.67664"
      },
      {
        "model": "staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:21.3.0.67664:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0122"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "103028"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0122",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0122",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-118324",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0122",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0122",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201802-275",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118324",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335. Vendors have confirmed this vulnerability Bug ID CSCvf93335 It is released as.Information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "db": "BID",
        "id": "103028"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118324"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0122",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "103028",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1040340",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-275",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-118324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118324"
      },
      {
        "db": "BID",
        "id": "103028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ]
  },
  "id": "VAR-201802-0591",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118324"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:57:04.022000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20180207-asr",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-asr"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0122"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-asr"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/103028"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1040340"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0122"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0122"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118324"
      },
      {
        "db": "BID",
        "id": "103028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118324"
      },
      {
        "db": "BID",
        "id": "103028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-02-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118324"
      },
      {
        "date": "2018-02-15T00:00:00",
        "db": "BID",
        "id": "103028"
      },
      {
        "date": "2018-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "date": "2018-02-08T07:29:00.477000",
        "db": "NVD",
        "id": "CVE-2018-0122"
      },
      {
        "date": "2018-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118324"
      },
      {
        "date": "2018-02-15T00:00:00",
        "db": "BID",
        "id": "103028"
      },
      {
        "date": "2018-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      },
      {
        "date": "2020-09-04T17:15:35.310000",
        "db": "NVD",
        "id": "CVE-2018-0122"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "103028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco StarOS Operating system input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002220"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-275"
      }
    ],
    "trust": 0.6
  }
}

var-202106-0906

Vulnerability from variot

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco ASR 5000 Series software (StarOS) Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco ASR 5000 is a 5000 series gateway product of Cisco (Cisco)

Show details on source website

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0906",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.17.10"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.18.16"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.20.8"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.20.0"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.0"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.16.9"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.n"
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.11"
      },
      {
        "model": "virtualized packet core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.19.n7"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.17.0"
      },
      {
        "model": "staros",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.18.0"
      },
      {
        "model": "cisco staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco virtualized packet core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.16.9",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.17.10",
                    "versionStartIncluding": "21.17.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.18.16",
                    "versionStartIncluding": "21.18.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.19.11",
                    "versionStartIncluding": "21.19.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.19.n7",
                    "versionStartIncluding": "21.19.n",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "21.20.8",
                    "versionStartIncluding": "21.20.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_packet_core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      }
    ]
  },
  "cve": "CVE-2021-1539",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-1539",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-374593",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-1539",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1539",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2021-1539",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-124",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-374593",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1539",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374593"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-124"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco ASR 5000 Series software (StarOS) Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco ASR 5000 is a 5000 series gateway product of Cisco (Cisco)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-374593"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1539"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1539",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060213",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1903",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-124",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-374593",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1539",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374593"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-124"
      }
    ]
  },
  "id": "VAR-202106-0906",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374593"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:25:34.959000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-asr5k-autho-bypass-mJDF5S7n",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-autho-bypass-mjdf5s7n"
      },
      {
        "title": "Cisco: Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-asr5k-autho-bypass-mjdf5s7n"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-863",
        "trust": 1.1
      },
      {
        "problemtype": "Bad authentication (CWE-863) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374593"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-autho-bypass-mjdf5s7n"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1539"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/cisco-asr-5000-privilege-escalation-via-authorization-bypass-35593"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060213"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1903"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/863.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374593"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-124"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-374593"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-124"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374593"
      },
      {
        "date": "2021-06-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1539"
      },
      {
        "date": "2021-07-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "date": "2021-06-04T17:15:09.757000",
        "db": "NVD",
        "id": "CVE-2021-1539"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-124"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374593"
      },
      {
        "date": "2021-06-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1539"
      },
      {
        "date": "2021-07-06T02:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      },
      {
        "date": "2023-11-07T03:28:34.363000",
        "db": "NVD",
        "id": "CVE-2021-1539"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-124"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-124"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco\u00a0ASR\u00a05000\u00a0 Unauthorized authentication vulnerability in series software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001953"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

Vulnerability from fkie_nvd

Published

2021-06-04 17:15

Modified

2024-11-21 05:44

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-
cisco	virtualized_packet_core	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B3FDA9A-CEB5-451B-AE92-4AE727D477FB",
              "versionEndExcluding": "21.16.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DD8225-32A7-41B0-AD98-D087835FAC7E",
              "versionEndExcluding": "21.17.10",
              "versionStartIncluding": "21.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C993F0DB-5AD2-4FF4-AF4D-7F99C9CF0396",
              "versionEndExcluding": "21.18.16",
              "versionStartIncluding": "21.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "739F9C47-AEAC-41CC-B9BB-36EA43F081CB",
              "versionEndExcluding": "21.19.11",
              "versionStartIncluding": "21.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D823601-77FE-40A2-B281-D5E4547B28C0",
              "versionEndExcluding": "21.19.n7",
              "versionStartIncluding": "21.19.n",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27025ED8-2512-4F81-81F2-FD836D4CA68F",
              "versionEndExcluding": "21.20.8",
              "versionStartIncluding": "21.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_packet_core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B88F195D-ECA6-414A-B8C0-6C8B47B595E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en el proceso de autorizaci\u00f3n de Cisco ASR 5000 Series Software (StarOS), podr\u00eda permitir a un atacante remoto autenticado omitir la autorizaci\u00f3n y ejecutar un subconjunto de comandos de CLI en un dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"
    }
  ],
  "id": "CVE-2021-1540",
  "lastModified": "2024-11-21T05:44:34.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-04T17:15:09.917",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-26 05:15

Modified

2024-11-21 04:29

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E162D2B8-7240-4287-AEC9-FBEC680A1E73",
              "versionEndExcluding": "21.16.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n del Stream Control Transmission Protocol (SCTP) en Cisco Mobility Management Entity (MME), podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un eNodeB que est\u00e9 conectado en un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente del tr\u00e1fico SCTP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el aprovechamiento de una posici\u00f3n de tipo man-in-the-middle entre el eNodeB y el MME y luego enviar un mensaje SCTP dise\u00f1ado hacia el MME. Una explotaci\u00f3n con \u00e9xito causar\u00eda que el MME dejara de enviar mensajes SCTP hacia el eNodeB, desencadenando una condici\u00f3n DoS."
    }
  ],
  "id": "CVE-2019-16026",
  "lastModified": "2024-11-21T04:29:57.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-26T05:15:16.380",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-13 22:15

Modified

2024-11-21 05:43

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63993C7F-3FE3-4095-A896-2109DEE40D1C",
              "versionEndExcluding": "21.19.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en los Enrutadores Secure FTP (SFTP) de Cisco StarOS para Cisco ASR 5000 Series, podr\u00eda permitir a un atacante autenticado remoto leer archivos arbitrarios en un dispositivo afectado.\u0026#xa0;Para explotar esta vulnerabilidad, el atacante deber\u00eda tener credenciales v\u00e1lidas en el dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido al manejo no seguro de enlaces simb\u00f3licos.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un comando SFTP dise\u00f1ado hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer archivos arbitrarios en el dispositivo afectado."
    }
  ],
  "id": "CVE-2021-1145",
  "lastModified": "2024-11-21T05:43:41.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-13T22:15:14.803",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-61"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-17 17:15

Modified

2024-11-21 05:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	staros	*

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6641C2A8-1E57-4C46-A9E7-3A4177E5FC84",
              "versionEndIncluding": "21.19.10",
              "versionStartIncluding": "21.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el servicio SSH del sistema operativo Cisco StarOS podr\u00eda permitir a un atacante remoto no autenticado causar que un dispositivo afectado dejara de procesar el tr\u00e1fico, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS).\u0026#xa0;La vulnerabilidad es debido a un error l\u00f3gico que puede ocurrir en condiciones de tr\u00e1fico espec\u00edficas.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo una serie de paquetes dise\u00f1ados hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante impedir que el servicio apuntado reciba cualquier tr\u00e1fico, lo que conllevar\u00eda a una condici\u00f3n de DoS en el dispositivo afectado"
    }
  ],
  "id": "CVE-2021-1378",
  "lastModified": "2024-11-21T05:44:13.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-17T17:15:13.583",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-04 17:15

Modified

2024-11-21 05:44

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-
cisco	virtualized_packet_core	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B3FDA9A-CEB5-451B-AE92-4AE727D477FB",
              "versionEndExcluding": "21.16.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DD8225-32A7-41B0-AD98-D087835FAC7E",
              "versionEndExcluding": "21.17.10",
              "versionStartIncluding": "21.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C993F0DB-5AD2-4FF4-AF4D-7F99C9CF0396",
              "versionEndExcluding": "21.18.16",
              "versionStartIncluding": "21.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "739F9C47-AEAC-41CC-B9BB-36EA43F081CB",
              "versionEndExcluding": "21.19.11",
              "versionStartIncluding": "21.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D823601-77FE-40A2-B281-D5E4547B28C0",
              "versionEndExcluding": "21.19.n7",
              "versionStartIncluding": "21.19.n",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27025ED8-2512-4F81-81F2-FD836D4CA68F",
              "versionEndExcluding": "21.20.8",
              "versionStartIncluding": "21.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_packet_core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B88F195D-ECA6-414A-B8C0-6C8B47B595E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en el proceso de autorizaci\u00f3n de Cisco ASR 5000 Series Software (StarOS), podr\u00eda permitir a un atacante remoto autenticado omitir la autorizaci\u00f3n y ejecutar un subconjunto de comandos de CLI en un dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"
    }
  ],
  "id": "CVE-2021-1539",
  "lastModified": "2024-11-21T05:44:34.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-04T17:15:09.757",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-06 19:15

Modified

2024-11-21 06:43

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	staros	*
cisco	ultra_cloud_core	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37CB900-E6A6-404E-A212-100794776D72",
              "versionEndExcluding": "21.22.n6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F638F13-D4D3-4606-ADDD-FE0835BFB0A4",
              "versionEndExcluding": "21.23.n7",
              "versionStartIncluding": "21.23.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ultra_cloud_core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E7750F-09A7-4885-A2B4-61C8FD2A73B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI de Cisco StarOS podr\u00eda permitir a un atacante local autenticado elevar los privilegios en un dispositivo afectado. Esta vulnerabilidad es debido a que no ha sido comprobado suficientemente la entrada de los comandos de la CLI. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de comandos dise\u00f1ados a la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con los privilegios del usuario root. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales administrativas v\u00e1lidas en un dispositivo afectado"
    }
  ],
  "id": "CVE-2022-20665",
  "lastModified": "2024-11-21T06:43:16.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-06T19:15:07.947",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-19 20:29

Modified

2024-11-21 03:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/103923	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1040720	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103923	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040720	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	21.0.v0.65819
cisco	staros	21.0.v4
cisco	staros	21.1.v6
cisco	staros	21.3.1
cisco	staros	21.4.0
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0.v0.65819:*:*:*:*:*:*:*",
              "matchCriteriaId": "1019B4E6-B033-4A30-8F9E-5CA4A747AAC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0.v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD995B9C-23DD-404B-97E4-7448CF417175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.1.v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A773330E-D05C-4C4C-AE4E-D1E7FC4548F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DA84AFC-42E3-4A4F-82E3-BAC9D4F84C62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A119487C-3F48-4621-9AF1-762D5F8AF9D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad de procesamiento de paquetes de salida del sistema operativo Cisco StarOS para dispositivos Cisco Aggregation Services Router (ASR) 5700 Series y Virtualized Packet Core (VPC) System Software podr\u00eda permitir que un atacante remoto no autenticado provoque que una interfaz en el dispositivo deje de reenviar paquetes. Podr\u00eda ser necesario recargar manualmente el dispositivo para limpiar su condici\u00f3n de denegaci\u00f3n de servicio (DoS) de reenv\u00edo de interfaz. La vulnerabilidad se debe al error a la hora de procesar adecuadamente que la longitud de un paquete que se va a transmitir no exceda el tama\u00f1o m\u00e1ximo soportado de la tarjeta de interfaz de red (NIC). Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete IP manipulado o una serie de fragmentos de IP manipulados a trav\u00e9s de una interfaz en el dispositivo objetivo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante consiga que la interfaz de red deje de reenviar paquetes. Esta vulnerabilidad podr\u00eda ser desencadenada por el tr\u00e1fico de red IPv4 o IPv6. La vulnerabilidad afecta a los siguientes productos de Cisco cuando est\u00e1n ejecutando el sistema operativo StarOS y se instala una interfaz virtual en el dispositivo: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software y Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385."
    }
  ],
  "id": "CVE-2018-0239",
  "lastModified": "2024-11-21T03:37:47.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T20:29:00.770",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103923"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040720"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-02-08 07:29

Modified

2024-11-21 03:37

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Summary

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/103028	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1040340	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103028	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040340	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	21.3.0.67664
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.3.0.67664:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB1F409-67DC-4627-821C-B13588AFF399",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el CLI del sistema operativo Cisco StarOS para routers Cisco ASR 5000 Series Aggregation Services podr\u00eda permitir que un atacante local autenticado sobrescriba archivos de sistema almacenados en la memoria flash de un sistema afectado. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de entrada de datos de parte del usuario por parte del sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad inyectando argumentos de comando manipulados en un comando de interfaz de l\u00ednea de comandos vulnerable en el sistema operativo afectado. Si se explota esta vulnerabilidad con \u00e9xito, el atacante podr\u00eda sobrescribir o modificar archivos arbitrarios almacenados en la memoria flash de un sistema afectado. Para explotar esta vulnerabilidad, el atacante necesitar\u00eda autenticarse en el sistema afectado empleando credenciales de administrador v\u00e1lidas. Cisco Bug IDs: CSCvf93335."
    }
  ],
  "id": "CVE-2018-0122",
  "lastModified": "2024-11-21T03:37:33.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-08T07:29:00.477",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103028"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040340"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-06-20 03:15

Modified

2024-11-21 04:37

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/108853	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108853	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E9D517-E4F2-4388-9F21-E7727232C311",
              "versionEndExcluding": "21.6.13",
              "versionStartIncluding": "21.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF01C0A0-C91E-4F09-8437-801A2BB73348",
              "versionEndExcluding": "21.6b.16",
              "versionStartIncluding": "21.6b",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DB936C-3B12-4FFD-A35A-41DE0F6C7A8E",
              "versionEndExcluding": "21.7.11",
              "versionStartIncluding": "21.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D588902-31C0-4463-A7BE-66F91D3B6636",
              "versionEndExcluding": "21.8.10",
              "versionStartIncluding": "21.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D587C95-7D71-46A0-A8D4-459B601A007F",
              "versionEndExcluding": "21.9.7",
              "versionStartIncluding": "21.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F88DA14-4174-413D-822F-1FFD5C33F8CF",
              "versionEndExcluding": "21.10.2",
              "versionStartIncluding": "21.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDDE9A1-2EA7-4EFB-BA39-0DB5C036B995",
              "versionEndExcluding": "21.11.1",
              "versionStartIncluding": "21.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad internal packet-processing del sistema operativo StarOS de Cisco que se ejecuta en plataformas virtuales podr\u00eda permitir a un atacante remoto no autenticado hacer que un dispositivo afectado detenga el procesamiento del tr\u00e1fico, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Una vulnerabilidad es debido a un error l\u00f3gico que puede ocurrir en condiciones de tr\u00e1fico espec\u00edficas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una serie de paquetes creados a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante impida que la interfaz de servicio destino reciba alg\u00fan tr\u00e1fico, lo que conllevar\u00eda a una condici\u00f3n DoS en la interfaz afectada. Es posible que el dispositivo tenga que volver a cargarse manualmente para recuperarse de la explotaci\u00f3n de esta vulnerabilidad."
    }
  ],
  "id": "CVE-2019-1869",
  "lastModified": "2024-11-21T04:37:34.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-20T03:15:11.993",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108853"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-824"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-824"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-07-16 17:29

Modified

2024-11-21 03:38

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/104723	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104723	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "200A4896-052D-4C31-B15D-FC9A2AE15DB3",
              "versionEndExcluding": "21.3.15",
              "versionStartIncluding": "21.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58F3379-BB8A-43CA-87C0-8B0223E0DC12",
              "versionEndExcluding": "21.5.7",
              "versionStartIncluding": "21.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8E5ED32-9F03-4A70-8331-2C3D4B3AD06F",
              "versionEndExcluding": "21.6.4",
              "versionStartIncluding": "21.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la l\u00f3gica para paquetes IPv4 fragmentados de Cisco StarOS que se ejecuta en plataformas virtuales permite que un atacante remoto no autenticado desencadene el reinicio del proceso npusim. Esto resulta una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Hay cuatro instancias del proceso npusim ejecut\u00e1ndose por instancia SF (Service Function); cada una de ellas maneja una serie de tr\u00e1fico que fluye por el dispositivo. Es posible desencadenar una recarga de las cuatro instancias del proceso npusim al mismo tiempo. La vulnerabilidad se debe a una gesti\u00f3n incorrecta de paquetes IPv4 fragmentados que contienen opciones. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete IPv4 malicioso a trav\u00e9s de un dispositivo afectado. Este exploit podr\u00eda permitir que el atacante desencadene el reinicio del proceso npusim, que resultar\u00e1 en que todo el tr\u00e1fico que est\u00e9 en cola hacia esta instancia del proceso npusim se dejar\u00e1 mientras el proceso se reinicia. El proceso npusim suele reiniciarse en menos de un segundo. Esta vulnerabilidad afecta a: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) y Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613."
    }
  ],
  "id": "CVE-2018-0369",
  "lastModified": "2024-11-21T03:38:04.933",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-16T17:29:00.487",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104723"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-07-06 00:29

Modified

2024-11-21 03:30

Severity ?

8.2 (High) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/99462
ykramarz@cisco.com	http://www.securitytracker.com/id/1038818	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99462
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038818	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	11.0_base
cisco	staros	12.0.0
cisco	staros	12.1_base
cisco	staros	12.2\(300\)
cisco	staros	12.2_base
cisco	staros	14.0\(600\)
cisco	staros	14.0.0
cisco	staros	15.0\(912\)
cisco	staros	15.0\(935\)
cisco	staros	15.0\(938\)
cisco	staros	15.0_base
cisco	staros	16.0\(900\)
cisco	staros	16.0.0
cisco	staros	16.1.0
cisco	staros	16.1.1
cisco	staros	16.1.2
cisco	staros	16.5.0
cisco	staros	16.5.2
cisco	staros	17.2.0
cisco	staros	17.2.0.59184
cisco	staros	17.3.0
cisco	staros	17.3.1
cisco	staros	17.3_base
cisco	staros	17.7.0
cisco	staros	18.0.0
cisco	staros	18.0.0.57828
cisco	staros	18.0.0.59167
cisco	staros	18.0.0.59211
cisco	staros	18.0.l0.59219
cisco	staros	18.1.0
cisco	staros	18.1.0.59776
cisco	staros	18.1.0.59780
cisco	staros	18.1_base
cisco	staros	18.3.0
cisco	staros	18.3_base
cisco	staros	18.4.0
cisco	staros	19.0.1
cisco	staros	19.0.m0.60737
cisco	staros	19.0.m0.60828
cisco	staros	19.0.m0.61045
cisco	staros	19.1.0
cisco	staros	19.1.0.61559
cisco	staros	19.2.0
cisco	staros	19.3.0
cisco	staros	20.0.0
cisco	staros	20.0.1.0
cisco	staros	20.0.1.a0
cisco	staros	20.0.1.v0
cisco	staros	20.0.2.3
cisco	staros	20.0.2.3.65026
cisco	staros	20.0.2.v1
cisco	staros	20.0.m0.62842
cisco	staros	20.0.m0.63229
cisco	staros	20.0.v0
cisco	staros	21.0.0
cisco	staros	21.0_base
cisco	staros	21.0_m0.64246
cisco	staros	21.0_m0.64702

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:11.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "C454137D-16DF-4AC2-A713-F7063E898939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03EED3DD-496A-48CF-8AF0-5E30DAA6314F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:12.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9417F3-7D70-4484-9B93-19C28C38F51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:12.2\\(300\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "02D2589B-FC06-47BB-B545-95424C052E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:12.2_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "831BFC89-3876-4F6F-A926-C29C13A6D9B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:14.0\\(600\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DAFE6257-0118-430B-9856-55B745FCF9D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD8633C3-7092-4793-AE4B-CB537DE514DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:15.0\\(912\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EF86D7C7-353B-4BC7-9F18-D00C7F2E695C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:15.0\\(935\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FD1C51B9-163D-440A-8B14-2B0D6F437CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:15.0\\(938\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C2300C8D-AA18-45CA-9EC0-EB4659385863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:15.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "5289C275-E80F-4776-8871-4873634C1E2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:16.0\\(900\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A8043AB1-636A-47AB-9B5A-D1FC6D286D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:16.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A3FBBB-BF06-4F27-9AFA-0F57C6343865",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:16.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D2E4C7F-0A9E-4B0C-B248-966155B56B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:16.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C130CD-A00A-4FDC-B6AA-E6C3E3532ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:16.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A1E3EE9-06ED-46B6-8576-B9F5CCF8C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:16.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD80771F-7650-4DAF-B9FD-AE978C43736F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:16.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D15F6CD4-C821-4957-B65E-5E2A771D929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:17.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04145290-816F-4A19-8739-396CBD786D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:17.2.0.59184:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7E4AEE-94AF-45E2-BCD3-0CB156A0EC97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:17.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12C68829-4B5B-4B0F-BA9D-4D6A26B92A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:17.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8967E4-D278-4A38-900F-BE64F5088989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:17.3_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8823E83-1EAC-4ED0-8B1C-369152040E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:17.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47F532C0-1054-4470-B788-58E84CD5781A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E044CCC9-D15F-4674-BEC9-832988EFEB7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.0.0.57828:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7311CD2-6668-4254-BF40-99A36ECDD48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.0.0.59167:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7C1A510-800B-4F0F-8483-B485C6CFD3CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.0.0.59211:*:*:*:*:*:*:*",
              "matchCriteriaId": "80218968-C095-4830-B9A7-67BB6FFAE4BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.0.l0.59219:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9B9641-D25B-41D2-8AC4-9FDDC5B82D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE0014BF-BFFB-409C-B9A5-193C5039FE21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.1.0.59776:*:*:*:*:*:*:*",
              "matchCriteriaId": "13AB3F1A-84F3-43A3-882D-7EE3DBADDFBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.1.0.59780:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97857CC-40AB-48A2-A39E-27E075BC6DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5BBA4D-F4BF-4849-8387-74EBD17AC30D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68E907-280D-42A1-8215-ECB2DA7286FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.3_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF8900C-FD6D-48FA-90EE-77E46DF31B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A156E7C-C4FC-4166-9806-537A2F2B0514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BB9185-2E79-4A78-A5DE-D77F5CD2CFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.0.m0.60737:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2F4FDEC-551A-4A6A-90B2-0838305E28F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.0.m0.60828:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B94C0A-A9D4-4EC6-B063-C4292975F855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.0.m0.61045:*:*:*:*:*:*:*",
              "matchCriteriaId": "857DAEB3-BE28-48DD-9D3F-55E47BC05B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E92EEAD-E9D0-407C-BC4E-F64C8F015414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.1.0.61559:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C968950-13F7-4671-B1EA-922951760B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF8ED69-D9ED-4E9B-831C-803E1A94A41F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6602B9A6-C35F-4E50-9CD5-E0135962694A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5173B19-BCD1-419E-9335-AEA1F05CBA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE3A11B0-CC34-4F64-B4D7-DB45A5E92B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.1.a0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED29CFC-A64B-49FF-ABEA-487BA88C880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.1.v0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D8753E-45EE-484F-B7B0-44FA608EC742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F215052-EA0B-4646-B993-4F30487BB45E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.2.3.65026:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8141015-B85E-45D7-9DA0-BF29D8FB01ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.2.v1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17DFC8AE-3448-4F6D-BFD7-F1A2055F375E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.m0.62842:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9E697D7-05C0-4BE0-B64B-06DBF0B4083F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.m0.63229:*:*:*:*:*:*:*",
              "matchCriteriaId": "DECCE42E-EF83-4A2D-83BE-59C8902E3F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:20.0.v0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2379CED-D0DC-491B-BA03-863A9E1811D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7931FEA-534C-4556-A41F-261A9B25CDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "A827B2AE-0DB8-4857-A438-D5DFDF2828E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0_m0.64246:*:*:*:*:*:*:*",
              "matchCriteriaId": "23BF3FCD-3A29-4939-871D-C83CC4C9F85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0_m0.64702:*:*:*:*:*:*:*",
              "matchCriteriaId": "A749454D-894D-4A57-99A1-6DC9055367BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el c\u00f3digo command-parsing de la CLI del sistema operativo StarOS de Cisco para dispositivos ASR 5000 Series versi\u00f3n 11.0 hasta 21.0, 5500 Series y 5700 Series de Cisco y el software Virtualized Packet Core (VPC) de Cisco, podr\u00eda permitir a un atacante local autenticado interrumpir la CLI del StarOS de un sistema afectado y ejecutar comandos shell arbitrarios como usuario root de Linux en el sistema, tambi\u00e9n se conoce como Inyecci\u00f3n de Comandos. La vulnerabilidad existe porque el sistema operativo afectado no hace un saneamiento de los comandos antes de insertarlos en los comandos shell de Linux. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un comando creado de la CLI para su ejecuci\u00f3n en un comando shell de Linux como un usuario root. ID de Bug de Cisco: CSCvc69329, CSCvc72930."
    }
  ],
  "id": "CVE-2017-6707",
  "lastModified": "2024-11-21T03:30:20.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-06T00:29:00.177",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/99462"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038818"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/99462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-01-18 06:29

Modified

2024-11-21 03:37

Severity ?

6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/102788	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1040239	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102788	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040239	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "525B2F5E-1115-4523-B8CF-63F323D3F701",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el CLI del sistema operativo Cisco StarOS para routers Cisco ASR 5000 Series podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios con privilegios root en un sistema operativo del host afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de las entradas realizadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad inyectando argumentos de comando maliciosos en una comando de interfaz de l\u00ednea de comandos vulnerable. Un exploit con \u00e9xito podr\u00eda permitir que el atacante ejecute comandos arbitrarios con privilegios root. Para explotar esta vulnerabilidad, el atacante necesitar\u00eda autenticarse en el sistema afectado empleando credenciales de administrador v\u00e1lidas. Cisco Bug IDs: CSCvf93332."
    }
  ],
  "id": "CVE-2018-0115",
  "lastModified": "2024-11-21T03:37:33.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T06:29:01.533",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102788"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040239"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-05-09 18:15

Modified

2024-11-21 07:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.

References

▼	URL	Tags
	ykramarz@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	*
cisco	staros	21.23.n
cisco	staros	21.24
cisco	staros	21.27.m
cisco	staros	21.28.m
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-
cisco	vpc-di	-
cisco	vpc-si	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1280E939-FA8A-49E4-AE06-616B152929CF",
              "versionEndExcluding": "21.22.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2C7A63-E17A-487D-8CCF-3346FDA2859F",
              "versionEndExcluding": "21.23.31",
              "versionStartIncluding": "21.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B58A574-77D9-4EC5-9D57-8D244EF7BDB8",
              "versionEndExcluding": "21.25.15",
              "versionStartIncluding": "21.25.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9507CCB-0340-40D6-AAF3-D2EA3D3EE408",
              "versionEndExcluding": "21.26.17",
              "versionStartIncluding": "21.26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9F9D50-DA13-410A-9571-6FA9436165E8",
              "versionEndExcluding": "21.27.6",
              "versionStartIncluding": "21.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "833F9A52-2976-4F2C-AA87-FD50BB83BB3D",
              "versionEndExcluding": "21.28.3",
              "versionStartIncluding": "21.28.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.23.n:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD63EE8D-0389-4589-BF86-0F64A8AEDA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0534E44-1CD6-49CB-A574-D7B2CF14CC25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.27.m:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1BBD53-BF16-4841-9D20-D2C4129A337B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.28.m:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DCE4FD-48D4-4B25-BBAE-24D270627FCD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:vpc-di:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "775B2FC4-E182-47F8-B786-EC6A359BCCE3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:vpc-si:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD5A5BE-9B00-4E4F-A4A4-FBEF990F4C39",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r   There are workarounds that address this vulnerability."
    }
  ],
  "id": "CVE-2023-20046",
  "lastModified": "2024-11-21T07:40:25.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-09T18:15:11.697",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-289"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-08-17 18:15

Modified

2024-11-21 05:31

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	virtualized_packet_core-single_instance	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAB16C4F-7F76-43AB-B0DE-747D6BD25338",
              "versionEndExcluding": "21.18.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_packet_core-single_instance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A57A0338-1FB7-464E-9968-102163EB8362",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n de IPv6 de Cisco StarOS podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sobre un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente del tr\u00e1fico IPv6 entrante. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete IPv6 dise\u00f1ado hacia un dispositivo afectado con el objetivo de llegar a la secci\u00f3n vulnerable del b\u00fafer de entrada. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el dispositivo se recargue, resultando en una condici\u00f3n de DoS. Esta vulnerabilidad es espec\u00edfica del tr\u00e1fico IPv6. El tr\u00e1fico IPv4 no est\u00e1 afectado."
    }
  ],
  "id": "CVE-2020-3500",
  "lastModified": "2024-11-21T05:31:11.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-17T18:15:13.883",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-19 20:29

Modified

2024-11-21 03:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/103935	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1040721	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103935	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040721	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	19.4.2.65120
cisco	staros	19.6.0
cisco	staros	21.2.0
cisco	staros	21.2.6
cisco	staros	21.4.0
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.4.2.65120:*:*:*:*:*:*:*",
              "matchCriteriaId": "B30B2FD8-D21A-465C-88D4-377047419773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:19.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A78D80-968C-448A-AA92-4020230CAE3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "563289F4-A450-4F77-AB39-F37F34572288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB14D5ED-89FF-4D14-A76C-208EAC01A1C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A119487C-3F48-4621-9AF1-762D5F8AF9D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en IPsec Manager en Cisco StarOS para Cisco Aggregation Services Router (ASR) 5000 Series Routers y Virtualized Packet Core (VPC) System Software podr\u00eda permitir que un atacante remoto no autenticado termine todos los t\u00faneles VPN IPsec y evite que se establezcan nuevos t\u00faneles. Esto resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe al procesamiento incorrecto de mensajes Internet Key Exchange Version 2 (IKEv2) corruptos. Un atacante podr\u00eda explotar esta vulnerabilidad enviando mensajes IKEv2 manipulados a un dispositivo afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante consiga que el servicio ipsecmgr se vuelva a cargar. Una recarga de este servicio podr\u00eda provocar que todos los t\u00faneles VPN IPsec se terminen y que no se puedan crear otros hasta que el servicio se reinicie, lo que desemboca en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad afecta a los siguientes productos de Cisco que ejecutan el software Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers y Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605."
    }
  ],
  "id": "CVE-2018-0273",
  "lastModified": "2024-11-21T03:37:52.257",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T20:29:01.707",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103935"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040721"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-07-04 00:29

Modified

2024-11-21 03:26

Severity ?

5.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Summary

A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/99218	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1038748	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99218	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038748	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	21.0.0
cisco	staros	21.0_m0.64246
cisco	staros	21.0_m0.64702

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7931FEA-534C-4556-A41F-261A9B25CDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0_m0.64246:*:*:*:*:*:*:*",
              "matchCriteriaId": "23BF3FCD-3A29-4939-871D-C83CC4C9F85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.0_m0.64702:*:*:*:*:*:*:*",
              "matchCriteriaId": "A749454D-894D-4A57-99A1-6DC9055367BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el componente IPsec de StarOS de Cisco para  Enrutadores ASR 5000 Series de Cisco, podr\u00eda permitir a un atacante no identificado remoto terminar con todos los t\u00faneles activos VPN de IPsec e impedir que se establezcan nuevos t\u00faneles, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Productos afectados: Enrutadores ASR 5000 Series , Programa Virtualized Packet Core (VPC). M\u00e1s informaci\u00f3n: CSCvc21129. Versiones Afectadas Conocidas: 21.1.0 21.1.M0.65601 21.1.v0. Versiones Fijas Conocidas: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0."
    }
  ],
  "id": "CVE-2017-3865",
  "lastModified": "2024-11-21T03:26:16.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-04T00:29:00.180",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99218"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038748"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-03-08 07:29

Modified

2024-11-21 03:37

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/103344	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1040466	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103344	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040466	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	21.3.0.67664
cisco	staros	21.5.0
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.3.0.67664:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB1F409-67DC-4627-821C-B13588AFF399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:21.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54429A7C-A8A5-4C40-896D-4D2D7CD70EA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el CLI del sistema operativo Cisco StarOS para Cisco ASR 5000 Series Aggregation Services Routers podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios con privilegios root en un sistema operativo afectado. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de entrada de datos de parte del usuario por parte del sistema operativo. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en un sistema afectado e inyectando argumentos maliciosos en un comando CLI vulnerable. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante ejecute comandos arbitrarios con privilegios root en el sistema afectado. Cisco Bug IDs: CSCvg38807."
    }
  ],
  "id": "CVE-2018-0224",
  "lastModified": "2024-11-21T03:37:46.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-08T07:29:01.283",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103344"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040466"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-05-01 10:59

Modified

2024-11-21 02:23

Severity ?

Summary

The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217.

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=38580	Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id/1032219
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=38580	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032219

Impacted products

Vendor	Product	Version
cisco	staros	12.0
cisco	staros	12.2\(300\)
cisco	staros	14.0
cisco	staros	14.0\(600\)
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6F01C1-5775-4676-BB75-30DDAC776592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:12.2\\(300\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "02D2589B-FC06-47BB-B545-95424C052E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFAD5B5-F326-4466-8DA6-7D199B2B2175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:14.0\\(600\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DAFE6257-0118-430B-9856-55B745FCF9D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217."
    },
    {
      "lang": "es",
      "value": "El servicio de la gesti\u00f3n de sesiones en Cisco StarOS 12.0, 12.2(300), 14.0, y 14.0(600) en los dispositivos ASR 5000 permite a atacantes remotos causar una denegaci\u00f3n de servicio (recarga de servicio y perdida de paquete) a trav\u00e9s de paquetes HTTP malformados, tambi\u00e9n conocido como Bug ID CSCud14217."
    }
  ],
  "id": "CVE-2015-0712",
  "lastModified": "2024-11-21T02:23:35.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-01T10:59:01.153",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38580"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1032219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032219"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-08 05:15

Modified

2024-11-21 05:31

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-priv-esc-gGCUMFxv	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-priv-esc-gGCUMFxv	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "970A152E-F713-4E9F-A282-7B29E8260CB6",
              "versionEndExcluding": "21.19.n4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI del sistema operativo Cisco StarOS para Cisco ASR 5000 Series Routers, podr\u00eda permitir a un atacante local autenticado elevar sus privilegios en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente de los comandos de CLI.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de comandos dise\u00f1ados hacia la CLI.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con los privilegios del usuario root.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante deber\u00eda tener credenciales administrativas v\u00e1lidas en un dispositivo afectado"
    }
  ],
  "id": "CVE-2020-3601",
  "lastModified": "2024-11-21T05:31:23.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-08T05:15:15.867",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-priv-esc-gGCUMFxv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-priv-esc-gGCUMFxv"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-08 05:15

Modified

2024-11-21 05:31

Severity ?

6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-privilege-esc-pyb7YTd	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-privilege-esc-pyb7YTd	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "970A152E-F713-4E9F-A282-7B29E8260CB6",
              "versionEndExcluding": "21.19.n4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI del sistema operativo Cisco StarOS para Cisco ASR 5000 Series Routers, podr\u00eda permitir a un atacante local autenticado elevar sus privilegios en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente de los comandos de CLI.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de comandos dise\u00f1ados hacia la CLI.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con los privilegios del usuario root en el dispositivo afectado.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales v\u00e1lidas en un dispositivo afectado y conocer la contrase\u00f1a para el comando cli test-commands"
    }
  ],
  "id": "CVE-2020-3602",
  "lastModified": "2024-11-21T05:31:23.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.5,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-08T05:15:15.993",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-privilege-esc-pyb7YTd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-privilege-esc-pyb7YTd"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-08-05 13:22

Modified

2024-11-21 01:46

Severity ?

Summary

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.

References

URL	Tags
cret@cert.org	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf	Vendor Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/229804	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/229804	US Government Resource

Impacted products

Vendor	Product	Version
cisco	ios	12.0
cisco	ios	12.0\(1\)
cisco	ios	12.0\(1\)s
cisco	ios	12.0\(1\)st
cisco	ios	12.0\(1\)w
cisco	ios	12.0\(1\)xa3
cisco	ios	12.0\(1\)xb
cisco	ios	12.0\(1\)xe
cisco	ios	12.0\(2\)
cisco	ios	12.0\(2\)xc
cisco	ios	12.0\(2\)xd
cisco	ios	12.0\(2\)xe
cisco	ios	12.0\(2\)xf
cisco	ios	12.0\(2\)xg
cisco	ios	12.0\(2a\)
cisco	ios	12.0\(2b\)
cisco	ios	12.0\(3\)
cisco	ios	12.0\(3\)t2
cisco	ios	12.0\(3\)xe
cisco	ios	12.0\(3.2\)
cisco	ios	12.0\(3.3\)s
cisco	ios	12.0\(3.4\)t
cisco	ios	12.0\(3.6\)w5\(9.0.5\)
cisco	ios	12.0\(3d\)
cisco	ios	12.0\(4\)
cisco	ios	12.0\(4\)s
cisco	ios	12.0\(4\)t
cisco	ios	12.0\(4\)xe
cisco	ios	12.0\(4\)xe1
cisco	ios	12.0\(4\)xm
cisco	ios	12.0\(4\)xm1
cisco	ios	12.0\(5\)
cisco	ios	12.0\(5\)s
cisco	ios	12.0\(5\)t
cisco	ios	12.0\(5\)t1
cisco	ios	12.0\(5\)t2
cisco	ios	12.0\(5\)wc
cisco	ios	12.0\(5\)wc2
cisco	ios	12.0\(5\)wc2b
cisco	ios	12.0\(5\)wc3
cisco	ios	12.0\(5\)wc3b
cisco	ios	12.0\(5\)wc5a
cisco	ios	12.0\(05\)wc8
cisco	ios	12.0\(5\)wc9
cisco	ios	12.0\(5\)wc9a
cisco	ios	12.0\(5\)wc11
cisco	ios	12.0\(5\)wc13
cisco	ios	12.0\(5\)wx
cisco	ios	12.0\(5\)xe
cisco	ios	12.0\(5\)xk
cisco	ios	12.0\(5\)xk2
cisco	ios	12.0\(5\)xn
cisco	ios	12.0\(5\)xn1
cisco	ios	12.0\(5\)xs
cisco	ios	12.0\(5\)xu
cisco	ios	12.0\(5\)yb4
cisco	ios	12.0\(5.1\)xp
cisco	ios	12.0\(5.2\)xu
cisco	ios	12.0\(5.3\)wc1
cisco	ios	12.0\(5.4\)wc1
cisco	ios	12.0\(5a\)e
cisco	ios	12.0\(6\)
cisco	ios	12.0\(6b\)
cisco	ios	12.0\(7\)db2
cisco	ios	12.0\(7\)dc1
cisco	ios	12.0\(7\)s1
cisco	ios	12.0\(7\)sc
cisco	ios	12.0\(7\)t
cisco	ios	12.0\(7\)t2
cisco	ios	12.0\(7\)t3
cisco	ios	12.0\(7\)wx5\(15a\)
cisco	ios	12.0\(7\)xe
cisco	ios	12.0\(7\)xe2
cisco	ios	12.0\(7\)xf
cisco	ios	12.0\(7\)xf1
cisco	ios	12.0\(7\)xk
cisco	ios	12.0\(7\)xk2
cisco	ios	12.0\(7\)xk3
cisco	ios	12.0\(7\)xv
cisco	ios	12.0\(7.4\)s
cisco	ios	12.0\(7a\)
cisco	ios	12.0\(8\)
cisco	ios	12.0\(8\)s1
cisco	ios	12.0\(8.0.2\)s
cisco	ios	12.0\(8.3\)sc
cisco	ios	12.0\(8a\)
cisco	ios	12.0\(9\)
cisco	ios	12.0\(9\)s
cisco	ios	12.0\(9\)s8
cisco	ios	12.0\(9a\)
cisco	ios	12.0\(10\)
cisco	ios	12.0\(10\)s3b
cisco	ios	12.0\(10\)s7
cisco	ios	12.0\(10\)s8
cisco	ios	12.0\(10\)w5
cisco	ios	12.0\(10\)w5\(18f\)
cisco	ios	12.0\(10\)w5\(18g\)
cisco	ios	12.0\(10a\)
cisco	ios	12.0\(11\)s6
cisco	ios	12.0\(11\)st4
cisco	ios	12.0\(11a\)
cisco	ios	12.0\(12\)
cisco	ios	12.0\(12\)s3
cisco	ios	12.0\(12\)s4
cisco	ios	12.0\(12a\)
cisco	ios	12.0\(13\)s6
cisco	ios	12.0\(13\)s8
cisco	ios	12.0\(13\)w5\(19c\)
cisco	ios	12.0\(13\)wt6\(1\)
cisco	ios	12.0\(13a\)
cisco	ios	12.0\(14\)
cisco	ios	12.0\(14\)s7
cisco	ios	12.0\(14\)s8
cisco	ios	12.0\(14\)st
cisco	ios	12.0\(14\)st3
cisco	ios	12.0\(14\)w5\(20\)
cisco	ios	12.0\(14a\)
cisco	ios	12.0\(15\)s
cisco	ios	12.0\(15\)s3
cisco	ios	12.0\(15\)s6
cisco	ios	12.0\(15\)s7
cisco	ios	12.0\(15\)sc
cisco	ios	12.0\(15\)sl
cisco	ios	12.0\(15a\)
cisco	ios	12.0\(16\)s
cisco	ios	12.0\(16\)s8
cisco	ios	12.0\(16\)s8a
cisco	ios	12.0\(16\)s10
cisco	ios	12.0\(16\)sc
cisco	ios	12.0\(16\)sc3
cisco	ios	12.0\(16\)st
cisco	ios	12.0\(16\)st1
cisco	ios	12.0\(16\)w5\(21\)
cisco	ios	12.0\(16.06\)s
cisco	ios	12.0\(16a\)
cisco	ios	12.0\(17\)
cisco	ios	12.0\(17\)s
cisco	ios	12.0\(17\)s4
cisco	ios	12.0\(17\)s7
cisco	ios	12.0\(17\)sl
cisco	ios	12.0\(17\)sl2
cisco	ios	12.0\(17\)sl6
cisco	ios	12.0\(17\)sl9
cisco	ios	12.0\(17\)st1
cisco	ios	12.0\(17\)st5
cisco	ios	12.0\(17\)st8
cisco	ios	12.0\(17a\)
cisco	ios	12.0\(18\)s
cisco	ios	12.0\(18\)s5
cisco	ios	12.0\(18\)s5a
cisco	ios	12.0\(18\)s7
cisco	ios	12.0\(18\)sl
cisco	ios	12.0\(18\)st1
cisco	ios	12.0\(18\)w5\(22b\)
cisco	ios	12.0\(18b\)
cisco	ios	12.0\(19\)
cisco	ios	12.0\(19\)s
cisco	ios	12.0\(19\)s2
cisco	ios	12.0\(19\)s2a
cisco	ios	12.0\(19\)s4
cisco	ios	12.0\(19\)sl
cisco	ios	12.0\(19\)sl4
cisco	ios	12.0\(19\)sp
cisco	ios	12.0\(19\)st
cisco	ios	12.0\(19\)st2
cisco	ios	12.0\(19\)st6
cisco	ios	12.0\(19a\)
cisco	ios	12.0\(20\)sl
cisco	ios	12.0\(20\)sp
cisco	ios	12.0\(20\)sp1
cisco	ios	12.0\(20\)st2
cisco	ios	12.0\(20\)st6
cisco	ios	12.0\(20\)st7
cisco	ios	12.0\(20\)sx
cisco	ios	12.0\(20\)w5\(22b\)
cisco	ios	12.0\(20.4\)sp
cisco	ios	12.0\(20a\)
cisco	ios	12.0\(21\)s
cisco	ios	12.0\(21\)s1
cisco	ios	12.0\(21\)s3
cisco	ios	12.0\(21\)s4a
cisco	ios	12.0\(21\)s5a
cisco	ios	12.0\(21\)s6
cisco	ios	12.0\(21\)s7
cisco	ios	12.0\(21\)sl
cisco	ios	12.0\(21\)st
cisco	ios	12.0\(21\)st6
cisco	ios	12.0\(21\)st7
cisco	ios	12.0\(21\)sx
cisco	ios	12.0\(21a\)
cisco	ios	12.0\(22\)s
cisco	ios	12.0\(22\)s4
cisco	ios	12.0\(22\)s5
cisco	ios	12.0\(22\)sy
cisco	ios	12.0\(23\)s2
cisco	ios	12.0\(23\)s3
cisco	ios	12.0\(23\)s4
cisco	ios	12.0\(23\)s5
cisco	ios	12.0\(23\)s6
cisco	ios	12.0\(23\)sx
cisco	ios	12.0\(23\)sz
cisco	ios	12.0\(24\)s1
cisco	ios	12.0\(24\)s2
cisco	ios	12.0\(24\)s4
cisco	ios	12.0\(24\)s5
cisco	ios	12.0\(24\)s6
cisco	ios	12.0\(24.2\)s
cisco	ios	12.0\(25\)s1
cisco	ios	12.0\(25\)w5\(27\)
cisco	ios	12.0\(25\)w5\(27c\)
cisco	ios	12.0\(25\)w5-27d
cisco	ios	12.0\(25.4\)s1
cisco	ios	12.0\(26\)
cisco	ios	12.0\(26\)s
cisco	ios	12.0\(26\)s1
cisco	ios	12.0\(26\)s2
cisco	ios	12.0\(26\)s6
cisco	ios	12.0\(26\)w5\(28\)
cisco	ios	12.0\(26\)w5\(28a\)
cisco	ios	12.0\(27\)
cisco	ios	12.0\(27\)s
cisco	ios	12.0\(27\)s1
cisco	ios	12.0\(27\)sv
cisco	ios	12.0\(27\)sv1
cisco	ios	12.0\(27\)sv2
cisco	ios	12.0\(28\)
cisco	ios	12.0\(28\)s3
cisco	ios	12.0\(28\)s5
cisco	ios	12.0\(28\)w5\(31a\)
cisco	ios	12.0\(28\)w5-30b
cisco	ios	12.0\(28\)w5-32a
cisco	ios	12.0\(28c\)
cisco	ios	12.0\(28d\)
cisco	ios	12.0\(30\)s1
cisco	ios	12.0\(30\)s2
cisco	ios	12.0\(30\)s4
cisco	ios	12.0\(31\)s
cisco	ios	12.0\(31\)s1
cisco	ios	12.0\(32\)s12
cisco	ios	12.0\(32\)s13
cisco	ios	12.0\(32\)sy8
cisco	ios	12.0\(32\)sy9
cisco	ios	12.0\(33\)s3
cisco	ios	12.0\(33\)s4
cisco	ios	12.0da
cisco	ios	12.0db
cisco	ios	12.0dc
cisco	ios	12.0ev
cisco	ios	12.0s
cisco	ios	12.0sc
cisco	ios	12.0sl
cisco	ios	12.0sp
cisco	ios	12.0st
cisco	ios	12.0sv
cisco	ios	12.0sx
cisco	ios	12.0sy
cisco	ios	12.0sz
cisco	ios	12.0t
cisco	ios	12.0w
cisco	ios	12.0w5
cisco	ios	12.0wc
cisco	ios	12.0wt
cisco	ios	12.0wx
cisco	ios	12.0xa
cisco	ios	12.0xb
cisco	ios	12.0xc
cisco	ios	12.0xd
cisco	ios	12.0xe
cisco	ios	12.0xf
cisco	ios	12.0xg
cisco	ios	12.0xh
cisco	ios	12.0xi
cisco	ios	12.0xj
cisco	ios	12.0xk
cisco	ios	12.0xl
cisco	ios	12.0xm
cisco	ios	12.0xn
cisco	ios	12.0xp
cisco	ios	12.0xq
cisco	ios	12.0xr
cisco	ios	12.0xs
cisco	ios	12.0xt
cisco	ios	12.0xu
cisco	ios	12.0xv
cisco	ios	12.0xw
cisco	ios	12.1
cisco	ios	12.1\(1\)
cisco	ios	12.1\(1\)db
cisco	ios	12.1\(1\)db2
cisco	ios	12.1\(1\)dc
cisco	ios	12.1\(1\)dc2
cisco	ios	12.1\(1\)e5
cisco	ios	12.1\(1\)ex
cisco	ios	12.1\(1\)t
cisco	ios	12.1\(1.3\)t
cisco	ios	12.1\(1a\)t1
cisco	ios	12.1\(1c\)
cisco	ios	12.1\(2\)e1
cisco	ios	12.1\(2\)t
cisco	ios	12.1\(2\)xf
cisco	ios	12.1\(2\)xf4
cisco	ios	12.1\(2\)xf5
cisco	ios	12.1\(6\)ea2c
cisco	ios	12.1\(6\)ey
cisco	ios	12.1\(6\)ez1
cisco	ios	12.1\(6\)ez2
cisco	ios	12.1\(6.5\)
cisco	ios	12.1\(6.5\)ec3
cisco	ios	12.1\(6a\)
cisco	ios	12.1\(7\)
cisco	ios	12.1\(7\)cx
cisco	ios	12.1\(7\)da2
cisco	ios	12.1\(7\)da3
cisco	ios	12.1\(7\)ec
cisco	ios	12.1\(7a\)e6
cisco	ios	12.1\(7a\)ey
cisco	ios	12.1\(7a\)ey3
cisco	ios	12.1\(7b\)
cisco	ios	12.1\(8\)
cisco	ios	12.1\(8\)aa1
cisco	ios	12.1\(8\)e
cisco	ios	12.1\(8\)ea
cisco	ios	12.1\(8\)ea1b
cisco	ios	12.1\(8\)ea2b
cisco	ios	12.1\(8a\)e
cisco	ios	12.1\(8a\)ew
cisco	ios	12.1\(8a\)ew1
cisco	ios	12.1\(8a\)ex
cisco	ios	12.1\(8b\)e8
cisco	ios	12.1\(8b\)e9
cisco	ios	12.1\(8b\)e14
cisco	ios	12.1\(8b\)e15
cisco	ios	12.1\(8b\)e16
cisco	ios	12.1\(8b\)e18
cisco	ios	12.1\(8b\)e20
cisco	ios	12.1\(8b\)ex4
cisco	ios	12.1\(8c\)
cisco	ios	12.1\(9\)
cisco	ios	12.1\(9\)aa
cisco	ios	12.1\(9\)e
cisco	ios	12.1\(9\)e3
cisco	ios	12.1\(9\)ea
cisco	ios	12.1\(9\)ex
cisco	ios	12.1\(9\)ex3
cisco	ios	12.1\(9a\)
cisco	ios	12.1\(10\)
cisco	ios	12.1\(10\)aa
cisco	ios	12.1\(10\)e
cisco	ios	12.1\(10\)e4
cisco	ios	12.1\(10\)ec
cisco	ios	12.1\(10\)ec1
cisco	ios	12.1\(10\)ex
cisco	ios	12.1\(10\)ey
cisco	ios	12.1\(10.5\)ec
cisco	ios	12.1\(10a\)
cisco	ios	12.1\(11\)
cisco	ios	12.1\(11\)e
cisco	ios	12.1\(11\)ea1
cisco	ios	12.1\(11\)ec
cisco	ios	12.1\(11.5\)e
cisco	ios	12.1\(11a\)
cisco	ios	12.1\(11b\)
cisco	ios	12.1\(11b\)e
cisco	ios	12.1\(11b\)e12
cisco	ios	12.1\(11b\)e14
cisco	ios	12.1\(12\)
cisco	ios	12.1\(12\)e
cisco	ios	12.1\(12a\)
cisco	ios	12.1\(12b\)
cisco	ios	12.1\(12c\)
cisco	ios	12.1\(12c\)e7
cisco	ios	12.1\(12c\)ec
cisco	ios	12.1\(12c\)ev01
cisco	ios	12.1\(12c\)ew4
cisco	ios	12.1\(13\)
cisco	ios	12.1\(13\)ay
cisco	ios	12.1\(13\)e1
cisco	ios	12.1\(13\)e3
cisco	ios	12.1\(13\)e7
cisco	ios	12.1\(13\)e9
cisco	ios	12.1\(13\)e12
cisco	ios	12.1\(13\)e13
cisco	ios	12.1\(13\)e17
cisco	ios	12.1\(13\)ea1
cisco	ios	12.1\(13\)ea1c
cisco	ios	12.1\(13\)ew
cisco	ios	12.1\(13\)ew4
cisco	ios	12.1\(13\)ex2
cisco	ios	12.1\(13.4\)e
cisco	ios	12.1\(14\)
cisco	ios	12.1\(14\)e1
cisco	ios	12.1\(14\)e4
cisco	ios	12.1\(14\)e9
cisco	ios	12.1\(14\)e10
cisco	ios	12.1\(14\)ea1
cisco	ios	12.1\(14\)eb
cisco	ios	12.1\(14.5\)
cisco	ios	12.1\(15\)bc1
cisco	ios	12.1\(16\)
cisco	ios	12.1\(18\)
cisco	ios	12.1\(18.4\)
cisco	ios	12.1\(19\)
cisco	ios	12.1\(19\)e
cisco	ios	12.1\(19\)e1
cisco	ios	12.1\(19\)e6
cisco	ios	12.1\(19\)ec
cisco	ios	12.1\(19\)ew
cisco	ios	12.1\(19\)ew3
cisco	ios	12.1\(19\)fc1
cisco	ios	12.1\(19.3\)e
cisco	ios	12.1\(20\)
cisco	ios	12.1\(20\)e
cisco	ios	12.1\(20\)e1
cisco	ios	12.1\(20\)e2
cisco	ios	12.1\(20\)e3
cisco	ios	12.1\(20\)e5
cisco	ios	12.1\(20\)ea1
cisco	ios	12.1\(20\)ea1a
cisco	ios	12.1\(20\)ec
cisco	ios	12.1\(20\)ec1
cisco	ios	12.1\(20\)ec2
cisco	ios	12.1\(20\)eo
cisco	ios	12.1\(20\)eo1
cisco	ios	12.1\(20\)eo3
cisco	ios	12.1\(20\)ew
cisco	ios	12.1\(20\)ew1
cisco	ios	12.1\(20\)ew2
cisco	ios	12.1\(20\)ew4
cisco	ios	12.1aa
cisco	ios	12.1ax
cisco	ios	12.1ay
cisco	ios	12.1az
cisco	ios	12.1cx
cisco	ios	12.1da
cisco	ios	12.1db
cisco	ios	12.1dc
cisco	ios	12.1e
cisco	ios	12.1ea
cisco	ios	12.1eb
cisco	ios	12.1ec
cisco	ios	12.1eo
cisco	ios	12.1eu
cisco	ios	12.1ev
cisco	ios	12.1ew
cisco	ios	12.1ex
cisco	ios	12.1ey
cisco	ios	12.1ez
cisco	ios	12.1ga
cisco	ios	12.1gb
cisco	ios	12.1m
cisco	ios	12.1s
cisco	ios	12.1sec
cisco	ios	12.1t
cisco	ios	12.1x\(l\)
cisco	ios	12.1xa
cisco	ios	12.1xb
cisco	ios	12.1xc
cisco	ios	12.1xd
cisco	ios	12.1xe
cisco	ios	12.1xf
cisco	ios	12.1xg
cisco	ios	12.1xh
cisco	ios	12.1xi
cisco	ios	12.1xj
cisco	ios	12.1xk
cisco	ios	12.1xl
cisco	ios	12.1xm
cisco	ios	12.1xp
cisco	ios	12.1xq
cisco	ios	12.1xr
cisco	ios	12.1xs
cisco	ios	12.1xt
cisco	ios	12.1xu
cisco	ios	12.1xv
cisco	ios	12.1xw
cisco	ios	12.1xx
cisco	ios	12.1xy
cisco	ios	12.1xz
cisco	ios	12.1ya
cisco	ios	12.1yb
cisco	ios	12.1yc
cisco	ios	12.1yd
cisco	ios	12.1ye
cisco	ios	12.1yf
cisco	ios	12.1yh
cisco	ios	12.1yi
cisco	ios	12.1yj
cisco	ios_xe	2.1.0
cisco	ios_xe	2.1.1
cisco	ios_xe	2.1.2
cisco	ios_xe	2.2.1
cisco	ios_xe	2.2.2
cisco	ios_xe	2.2.3
cisco	ios_xe	2.3.0
cisco	ios_xe	2.3.1
cisco	ios_xe	2.3.1t
cisco	ios_xe	2.3.2
cisco	ios_xe	2.4.0
cisco	ios_xe	2.4.1
cisco	ios_xe	2.4.2
cisco	ios_xe	2.4.3
cisco	ios_xe	2.4.4
cisco	ios_xe	2.5.0
cisco	ios_xe	2.5.1
cisco	ios_xe	2.5.2
cisco	ios_xe	2.6.0
cisco	ios_xe	2.6.1
cisco	ios_xe	2.6.2
cisco	ios_xe	3.1.0s
cisco	ios_xe	3.1.0sg
cisco	ios_xe	3.1.1s
cisco	ios_xe	3.1.1sg
cisco	ios_xe	3.1.2s
cisco	ios_xe	3.1.3s
cisco	ios_xe	3.1.4s
cisco	ios_xe	3.2.00.xo.15.0\(2\)xo
cisco	ios_xe	3.2.0s
cisco	ios_xe	3.2.0sg
cisco	ios_xe	3.2.0xo
cisco	ios_xe	3.2.1s
cisco	ios_xe	3.2.1sg
cisco	ios_xe	3.2.2s
cisco	ios_xe	3.2.2sg
cisco	ios_xe	3.2.3sg
cisco	ios_xe	3.2.4sg
cisco	ios_xe	3.3.0s
cisco	ios_xe	3.3.0sg
cisco	ios_xe	3.3.1s
cisco	ios_xe	3.3.1sg
cisco	ios_xe	3.3.2s
cisco	ios_xe	3.3.3s
cisco	ios_xe	3.4.0as
cisco	ios_xe	3.4.0s
cisco	ios_xe	3.4.1s
cisco	ios_xe	3.4.2s
cisco	ios_xe	3.4.3s
cisco	ios_xe	3.4.4s
cisco	ios_xe	3.4.5s
cisco	ios_xe	3.4.xs
cisco	ios_xe	3.5.0s
cisco	ios_xe	3.5.1s
cisco	ios_xe	3.5.2s
cisco	ios_xe	3.5.xs
cisco	ios_xe	3.6.0s
cisco	ios_xe	3.6.1s
cisco	ios_xe	3.6.2s
cisco	ios_xe	3.7.0s
cisco	ios_xe	3.7.1s
cisco	ios_xe	3.9.0s
cisco	asa_5500	7.0
cisco	asa_5500	7.1
cisco	asa_5500	7.2
cisco	asa_5500	8.0
cisco	asa_5500	8.1
cisco	asa_5500	8.2
cisco	asa_5500	9.0
cisco	asa_5500	9.1
cisco	pix_firewall_software	7.0
cisco	pix_firewall_software	7.1
cisco	pix_firewall_software	7.2
cisco	pix_firewall_software	8.0\(2\)
cisco	pix_firewall_software	9.0
cisco	pix_firewall_software	9.1
cisco	fwsm	*
cisco	nx-os	-
cisco	staros	14.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F86F790-6247-42F2-9487-3D60A2842F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5CFBBDA3-8A5E-407D-8608-45C1BD56BF58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(1\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14EBDCA-7CEB-4394-95EF-D4AEE991E2DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(1\\)st:*:*:*:*:*:*:*",
              "matchCriteriaId": "F006CA61-42CD-4928-A445-E54B968553C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(1\\)w:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D87AC5-0F63-4AE8-AC05-FCEC98D18BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(1\\)xa3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE210B04-7ECD-419C-9258-0F619A353A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(1\\)xb:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B467741-B277-4128-9804-E13ED23FD310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(1\\)xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7EE856-9CE7-49FD-8ADC-05C580CD54A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "77DDC99D-8B73-452C-94A7-A9A48F2F379B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xc:*:*:*:*:*:*:*",
              "matchCriteriaId": "5145C737-2D5E-4BD4-BA9F-66ED2887A4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xd:*:*:*:*:*:*:*",
              "matchCriteriaId": "C48466C4-5A1E-4C71-8822-32D387B36B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "12551307-4D72-4D24-BA0D-07235EB762AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xf:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E23131-D207-4D98-96D5-2B71FF792604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(2\\)xg:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BFB5A8C-BF1B-4111-9E6A-F8D8FE1476AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6E32C808-0471-443D-98AC-DF30AFFE633D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "593E5730-3777-4DEF-A1D3-73AF0B98448B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2207E5-7458-40C5-AEF4-73B271EAB3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(3\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7109585-1433-4940-B7C9-C561DEAF1498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(3\\)xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F96BEB-19C2-48E4-8884-EA61B32D5BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(3.2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "851EF536-76E0-40E6-9051-7412A8235B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(3.3\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E61151D-1658-49B2-AEAA-11F61AB71118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(3.4\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "49869323-98A1-4258-8D7E-B6DE9DA45CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(3.6\\)w5\\(9.0.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "52BDD49A-6D71-4C33-8B09-C0E9F2DD030E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(3d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "32B93745-F14C-428E-9A90-47ACE43451EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0D82E1-CCF7-429B-A637-479E839EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(4\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9D1F7A6-6DB3-41D1-BD87-DE1898EC91A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(4\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1B2747-4A9C-44FC-BBA8-39E338B30417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(4\\)xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "65176343-0120-4038-844E-FDE48A920270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(4\\)xe1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAE67104-9212-4E28-886B-ADFA9503DBBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(4\\)xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "01F9B9CF-787B-4BE0-988C-669531BFFAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(4\\)xm1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D88280-5701-45EF-99CA-3056AD2216F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BB7513-C232-4B4F-BE68-972B05086ABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C4F875A-D58F-47BA-A441-2362C1688256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BCEE111-BEFA-4285-B892-58DE3964F497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA263B60-E7C0-4374-96DF-6E4EB9C16743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C570B5A-185E-4AA7-A8B8-BE80605020FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E17E7C3-53FE-424F-8F47-7B8C70C9807E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "47E6CE0D-852B-4169-9849-98CDC91E3118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD620020-D5B4-4FE3-AEA5-C43686992F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4705F7-8E36-4C2D-A23C-E6002E459F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A0DF3A-430D-444F-BD02-D18D10245138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA39DE28-F3D3-4613-97EA-11896913F300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(05\\)wc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "27476F7B-9DD2-4A7F-8C0A-65EF52F70DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "758CF4D4-46B9-4EE1-9C43-0620D1C31EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "62559EC5-D019-4C78-B589-80E16784A821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52672D5-5DFD-484E-9463-522AA4348456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE397409-D527-4283-833C-8A79F3CF8749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)wx:*:*:*:*:*:*:*",
              "matchCriteriaId": "F92CF99B-5043-4EDA-965F-3D8F32F9D742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "15295BD6-CC76-41BE-B5A0-A08888207011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk:*:*:*:*:*:*:*",
              "matchCriteriaId": "1423776F-1C73-4872-81F6-29C411B6E545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FA18C8-0152-4035-8C6F-9AAC4B1985B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xn:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB7F15-B0C2-4EF0-A3E7-6DFD03C0A25E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xn1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE88EB7-215B-4FCA-82DD-AC2A9D243323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xs:*:*:*:*:*:*:*",
              "matchCriteriaId": "763A8E4B-B394-4EB2-829D-70A030551D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xu:*:*:*:*:*:*:*",
              "matchCriteriaId": "198E5016-4494-4BA0-BC9A-C588264F79E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)yb4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B3A893-6322-4E04-803E-1D18224E7AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5.1\\)xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB89FCC-6602-4B41-9BFA-91B0B48827A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5.2\\)xu:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5DF5835-5DE4-4C4E-BFF3-2B15B01771B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5.3\\)wc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "238DCBE2-E511-42D1-B938-3FA15E4969E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5.4\\)wc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10065276-0C45-4B35-8ACC-9EB8A73E5739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(5a\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "21703640-6091-4136-A2A9-B046E0A8406E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCE69A3-41C6-4893-86D4-7F264352C8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(6b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C575430A-762A-405F-95DA-92589BF4C611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)db2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA412BD-1EFD-4FE2-AC6D-E9AC93B1F750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)dc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9E45CDF-F745-4336-B5D2-0917C66C1D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE808362-AFA6-4270-8ECE-8FFD10EE3678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)sc:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CA0B5C8-9BB3-40BC-ADED-3A21DD019A83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA654CE6-82C3-43D0-BAED-70E88A740BF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1720AE47-5ED4-4E5D-AF25-F9FD7E43F6D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E339A080-2572-4764-BB7C-F49F66432BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)wx5\\(15a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2318131B-BA10-4C44-8F90-215CDA28576D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "E83EFCCC-D01E-4F0E-9990-1F323167B430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xe2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E737A2B-8B1A-4F53-B1AA-ECB354D10D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xf:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C977C71-7F61-444C-A0E4-14E5269E6B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xf1:*:*:*:*:*:*:*",
              "matchCriteriaId": "533BD959-48CF-4664-B4EC-37314AB93EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC5E6E9-E639-424B-963D-2760B2C38D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDDCC99B-BC23-4101-9D73-A21107FF8630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED4869D-EB53-4A7B-A630-69B8D76D48DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xv:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5AE2F8-53B5-4B13-A1DB-57E2531943A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7.4\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB26AA22-D05C-4B88-8E1B-63A8EFE6A841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(7a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6833BBD-CB8C-40E3-BCB1-193E0E03A95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(8\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "387FCCC1-B05D-4493-9F05-BAC5A0E57F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(8\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E0F459-8A71-4FAE-BE7A-6C56E28988BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(8.0.2\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7976536-FD4C-4AE7-8838-6E28E0CFE740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(8.3\\)sc:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D2F695-9A42-4425-8CA6-63CB8E99F893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(8a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4E63F87A-7BBB-4619-935E-F1F0C3C7E322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(9\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6ABDAE-182B-4367-80B6-B8C8ABF92059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(9\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EB360F-7BAE-4BB5-BB55-E3FFC567A1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(9\\)s8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA03CF9-26C6-4621-B73C-EBABB20CB250",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(9a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0B94014A-8415-4174-AF4B-C9026C6EC559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "66FEB240-8BB9-4AD6-8188-836D866F4F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(10\\)s3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F41EB6-4214-4A86-BBB5-619154971F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(10\\)s7:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E5113C-945B-40CB-9F5C-0B7063704364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(10\\)s8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB25BAC-590E-4496-AB43-64A8EEBFDCBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75528B66-3966-4299-B9BD-69B039AB2F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18f\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09DFBF77-BBE3-41BA-A6C6-32DD555F0AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18g\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "77D178AF-15CB-4352-8193-741F8B49688A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(10a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1863F9E2-9FFB-4C19-92E3-15DD9ED72608",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(11\\)s6:*:*:*:*:*:*:*",
              "matchCriteriaId": "403EE717-FD69-405C-9544-6349CBE09D1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(11\\)st4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF987B2-BA35-4933-85F7-7F3F2C732961",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(11a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D77A942A-4A2C-4A87-A866-12B758DB645B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(12\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "63FACCFF-1222-4C02-A286-717E954A7ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(12\\)s3:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E0B16B-D4C1-4140-830F-4F5C0D90AD42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(12\\)s4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A15063AA-2800-4856-B3F2-F727BE44BAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(12a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3C8355-42F3-43DE-A2D9-0B77138461FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(13\\)s6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9BD6B1C-DDA0-4C64-84C5-68F51BFAB457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(13\\)s8:*:*:*:*:*:*:*",
              "matchCriteriaId": "050F0FAE-8871-4A14-9180-4779014D9BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(13\\)w5\\(19c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B92AE5F7-DD9A-486C-AB39-580E8E29EB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(13\\)wt6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "45246611-F8E6-4DD5-967B-815048CCAC65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(13a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3572607D-5E92-4706-8B83-C5CF01E63416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(14\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "60C7CA43-AB0C-4085-BB46-78A622241E03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(14\\)s7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B8E04-A044-4A32-ADB7-9C25B32E9F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(14\\)s8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF44B838-8E44-4281-94FD-922A60047F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(14\\)st:*:*:*:*:*:*:*",
              "matchCriteriaId": "353010B4-3E37-4451-9B17-EF5701DCE9B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(14\\)st3:*:*:*:*:*:*:*",
              "matchCriteriaId": "828D84E5-E8E4-4425-9E35-B1EBDBE245BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(14\\)w5\\(20\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4BC109F5-0907-4CDB-90BD-61788921DABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(14a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "279DBE65-0402-4205-8820-48EB20386DB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(15\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8ECE5F1-5153-4F93-9618-CF7AD2B3C426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(15\\)s3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC97D92-C82C-4CBF-93E3-4215B11FD896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(15\\)s6:*:*:*:*:*:*:*",
              "matchCriteriaId": "295B139A-50F6-48E7-B42D-9A53BCA3777F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(15\\)s7:*:*:*:*:*:*:*",
              "matchCriteriaId": "992DF258-DAEC-4EF1-941D-7DBD347546B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(15\\)sc:*:*:*:*:*:*:*",
              "matchCriteriaId": "52531223-05D2-41C7-ADE2-E957443297F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(15\\)sl:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E611A0-B984-47A6-95F3-B582EE0766E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(15a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6E93E4A5-6D2B-4E79-B713-7CA1BEE0E36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BF480A-AD29-4CE3-9B88-E917D75F3FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)s8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2657AD4D-F324-4527-9C4F-360946FE0D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)s8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "211CF1C3-3A5E-49CA-9D01-AC3DB4A7159E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)s10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C19B39-258F-4A26-B751-8E9AB4807718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)sc:*:*:*:*:*:*:*",
              "matchCriteriaId": "641A5B81-B92B-4A65-9828-C7795B0AB4C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)sc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD766E23-7CA6-4CC3-9CFF-4E81E370CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)st:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E68F0B5-D6B5-4012-A563-346FD83AC9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)st1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C3D66E-C49F-4A41-B67E-D9DE768356FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16\\)w5\\(21\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09D35D67-529A-425D-800A-D986297D42C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16.06\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC8BD083-812F-414A-8E21-A8119D3ADE7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(16a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DD09CC38-FBBD-44DD-8322-F642DC8B6F3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6342713F-C4C6-4451-9637-B744311EC287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95185E5-65CF-478B-B450-2FA9C05E4A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)s4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D281BAB0-994A-418A-8FB9-C8F6509DC56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)s7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB5E2F5D-ED58-44F3-A26D-D93DCF093C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl:*:*:*:*:*:*:*",
              "matchCriteriaId": "04586FE6-78BF-4171-8A6A-EFAC90BAC8F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4444CF9-66F8-4941-8300-4547BA7C164B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl6:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C204A1-935D-4CFF-8FBA-9A6E37597E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88479A3-251A-4D36-9737-CC454640E9F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)st1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CA42C30-EB70-4030-9D02-0F3635C980EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)st5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A4EE26C-9B9D-41B5-9E0D-46D599EDE8B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17\\)st8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A125557-4893-4C74-800D-D5A2FCFE6C62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(17a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F7B649-548F-46B5-BC0C-AB4013CF290F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(18\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4D37B0-460F-4F16-B4F4-33A4DB80FC79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(18\\)s5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6018992E-1FB3-4ED8-ADC3-3BA49B76165D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(18\\)s5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FF6C534-3DF7-45A5-8F76-DF75A7EB0E97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(18\\)s7:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ED113-91F6-41BC-BAF5-62041D850F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(18\\)sl:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6E2071-516B-41B6-A897-799B66907FFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(18\\)st1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEE0CBD-9810-46D0-87B8-0B46926C2F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(18\\)w5\\(22b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C6710AB1-42BC-4612-99EB-4E3C9A811E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(18b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDD3722-C5FC-4AD0-83D3-7E5D2F4B51E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "13BB143D-CE87-4B5B-8B41-F641C160624F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BF4CAE-9C49-412C-A3F3-F365D2E0F619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)s2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DA28B36-9E53-4D2C-9ADB-C878182DB688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)s2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "801F584F-A11B-4C28-BF74-2917BED984DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)s4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6B7A5F-DFE1-4597-B121-BF4714CD2E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)sl:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7D5266-C127-4CF4-B1CF-3D639A9E204C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)sl4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A78459C5-2762-4652-8D34-772F3A025381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)sp:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C97A75-1498-40A2-8569-581FB3D13598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)st:*:*:*:*:*:*:*",
              "matchCriteriaId": "52877E55-8DB4-4E4E-BBA1-72F2E1B0C6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)st2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9AD4E-CF9A-4772-9E84-6C11401245A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19\\)st6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B83B0C4-897E-487E-939F-1E40144399EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(19a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B9ECD6C4-10AA-4B34-96F3-7EF6A093EDE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20\\)sl:*:*:*:*:*:*:*",
              "matchCriteriaId": "4017470C-5EB2-4E30-834F-EAAF1738B8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20\\)sp:*:*:*:*:*:*:*",
              "matchCriteriaId": "67EC4390-6EDE-4235-83C9-DE8B0BE74539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20\\)sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C89179A-562B-48C7-A4ED-E98ABC855972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20\\)st2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9032AFE-430F-409F-9558-F2179CE19087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20\\)st6:*:*:*:*:*:*:*",
              "matchCriteriaId": "587A531C-B3EF-4B7F-872B-7481E38BA785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20\\)st7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F59E7FC-C1AB-4C4F-B1A6-2A30FF64405F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20\\)sx:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B6C9A4F-1F21-4AF4-B694-6A6F3A6C2170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20\\)w5\\(22b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F54D02AB-FED4-49C8-87C4-1745FA867A31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20.4\\)sp:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AAFB5F7-4343-480B-B3DC-7ADC66582983",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(20a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1734A3F8-45A2-4590-9518-0753F503433D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8735B4-CD22-40E7-B7D2-C7A4B559F7D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB9029-DC45-4F55-A4FF-F6DEEDFFA150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5310F83-EB1F-423C-A5EF-681FECAD66FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "390D496F-AFFE-4CAA-AA27-66E8C755887C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CB6075-DB61-4BDE-BD9E-4DBE06CF25E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AB2EF6-03CC-4C83-B81D-E7C4B2C03B82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)s7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B88B203-B522-428B-A273-2DDFF9CC2898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)sl:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3408ED7-AAE8-4BD8-9A1C-B7F048C63CAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)st:*:*:*:*:*:*:*",
              "matchCriteriaId": "466E247E-5514-4489-A169-513115AB42D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)st6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEEF0AA-002E-4768-9302-B7CCBBF25C7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)st7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911BBC74-F18B-470A-A1E9-4D67F5866D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21\\)sx:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A4E74E-DE87-4787-8E2E-3C7D77E02224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(21a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "442338B0-C242-45A1-8860-4386A5033C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(22\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "6070D9A2-9A74-46B1-979D-F3F80D69513E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(22\\)s4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DBB2CF9-2F36-4CA8-8814-C34AE5620942",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(22\\)s5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7498FF80-0A4D-4510-9C1A-DA24E1A4A4E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(22\\)sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "312DB4D6-81B5-44C5-B99F-D56603C00B98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D448CA2F-8C4B-4834-8B36-B2E60D7A2D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBAB365-6B58-44D2-A078-B3B4369CA32C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s4:*:*:*:*:*:*:*",
              "matchCriteriaId": "332C413B-7AC7-4475-A968-9D0B7EF14B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35999D5E-F831-446C-B509-F1531A2D1DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(23\\)s6:*:*:*:*:*:*:*",
              "matchCriteriaId": "67DEFA98-F2AE-437A-8BE3-7F021C0AE76C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(23\\)sx:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F37758-9AC2-4CAA-8A09-5A59FC622267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(23\\)sz:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D11EA0-B7E1-46F5-9FCE-0812A7DD776D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3630462-F414-4D6B-8766-7CED5366C852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D6D0C5A-87C7-4169-B9DC-2AFA217888F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58DF5979-73D5-4B2E-B98E-CD0AB8517F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA92F7A-C14E-4186-8E96-51D2BDC40DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(24\\)s6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F451B6F0-429F-4B75-93F2-52AF4F65D3EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(24.2\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C3E9A9A-B80F-43BD-8A63-762B60D6DBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(25\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C634FD5-0716-435A-8D5A-0640DB34C069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(25\\)w5\\(27\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CCE7A4-A7EC-4926-90BA-B4AA87DAD99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(25\\)w5\\(27c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "00EDE5CF-FFB6-463A-B55A-53D76F3B7670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(25\\)w5-27d:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D8FB0C2-4ECA-4371-B874-2496232965A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(25.4\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B5A4482-9555-4DA0-87CB-3F17EE84EA2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(26\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C17DD4A5-9E82-49EF-965D-DF714DDBFF44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "25058DEF-01CC-4148-923C-7AC433D82E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "179CEE21-E5CA-466A-BAF0-8936F2E0B06F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F22B210-D1B8-4875-BDF2-2BE5B116B527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(26\\)s6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1E0BA5-4A57-4D26-A453-A4D5D56DE66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(26\\)w5\\(28\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1D95BA23-C2A0-4659-B664-0B7FE74D9E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(26\\)w5\\(28a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1C0D16-5167-4A29-A8C8-3EF603AA8894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(27\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7A300584-6480-410F-8399-092682A62435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(27\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "00682210-2C86-4912-A423-5F7011C2FA2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(27\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B5C5244-8E39-41AE-931D-D935DC3CE00E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(27\\)sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "498F4C0D-393D-4406-9752-4E49D6BB42B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(27\\)sv1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C87916-D186-4E36-A4B6-5FA858FFC7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(27\\)sv2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF9C316-FF3D-4C52-A770-B8597895BA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(28\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "816276EF-A529-4522-9F49-80E9FF64F795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(28\\)s3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1336C42E-DA75-4DBC-81E1-70DD987EE54B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(28\\)s5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7042F5-2878-45B2-856B-5EBC93A2BE0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(28\\)w5\\(31a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2B74536A-EC0C-4C39-BA91-72990A4886E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(28\\)w5-30b:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E48A25-53DE-4A07-B6B2-A275F390ABAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(28\\)w5-32a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C4789A3-692B-4BC4-8A91-1F576C27C8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(28c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "43C4011A-B88C-49BD-B798-786EAC87EB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(28d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F864A21-658C-4789-940C-E915F6C9F8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(30\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49C8C12-CE1E-41B9-991D-CC3AE51FEA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(30\\)s2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1DAEE2-8026-46DA-A652-6E0CD5A6A657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(30\\)s4:*:*:*:*:*:*:*",
              "matchCriteriaId": "616EA4E3-C5FC-4145-963B-E3ABAFB5E5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(31\\)s:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B896570-8184-4EC8-8EB3-95312E4ED869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(31\\)s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5743923A-A78D-4C8C-99C5-5063A609700C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(32\\)s12:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F505B0A-E9E0-4CF3-B85B-70EEE71314F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(32\\)s13:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED66A91B-6429-4983-8167-07DECA601916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(32\\)sy8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F288884-3DB7-474D-B56B-120E2DB7975A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(32\\)sy9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29860C6-75E6-43A4-8BF5-E6ABF2040B0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(33\\)s3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF0C8019-BDDA-4019-AF64-352EFFAC9036",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0\\(33\\)s4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCFE974-9D9A-443D-A55D-6A2CBF96EC4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0da:*:*:*:*:*:*:*",
              "matchCriteriaId": "12434A88-88C6-4749-981F-E2B4D725F48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0db:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F7CF26C-AEAA-42D7-8136-56E77E73DCB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0dc:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4864A2-D6BB-4E2A-9AA4-519EE0732D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0ev:*:*:*:*:*:*:*",
              "matchCriteriaId": "84299245-5091-4ED5-A107-4F7A2BE499E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C398460-3F38-4AA7-A4B1-FD8A01588DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0sc:*:*:*:*:*:*:*",
              "matchCriteriaId": "793F494D-F6BD-4B23-92BE-83B9DD9D4A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B6B0C2F-2FBE-4422-AD30-305100C595CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0sp:*:*:*:*:*:*:*",
              "matchCriteriaId": "932C1AC0-0BD1-46DF-A241-AA71BBD785BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEA01D2-B985-4575-AF00-144CE2E3024D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "3999B90E-FE66-4B5D-8186-66C658855D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C11A2BE-19E7-4148-B3CC-B4956B07273E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "65E78DEE-1125-4183-A0CD-947B850E956E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0sz:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6943D9D-4A73-4EB2-B5C5-B7132AFFBE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA7F94E8-86FC-456B-A7BB-57953F67F754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0w:*:*:*:*:*:*:*",
              "matchCriteriaId": "277BFD67-3EE3-4E79-8D81-35597D168C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0w5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A92DCEF-C205-4145-91B0-DB9991130457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0wc:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8B5CC91-144D-4818-871E-E6120A7E1050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0wt:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E5F43E-20DA-4C5C-B8C5-1A5512CA07B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0wx:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6333F9A-2605-41EE-9AB4-1D04C5825BAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*",
              "matchCriteriaId": "1050ACB3-E5B2-4710-910B-F3DF4B49907F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xb:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABE71F9-17D4-47C4-A762-18CC8716E477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xc:*:*:*:*:*:*:*",
              "matchCriteriaId": "7977DA9F-41DE-4482-B0CD-896EEEFB5689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xd:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D0A8D1D-ED94-4A2E-ACC5-0408C2C9FCFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADAB898-7728-4C14-B69A-7B8B06AFC894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xf:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDBE69A0-85B1-423B-88FB-CDA80E9186EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xg:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14C28A4-91C1-4AE0-8A14-8E98A569F7B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*",
              "matchCriteriaId": "54424787-34AC-410D-985F-511ADB2BB144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xi:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F54F0C-AC91-4CB7-9FEB-257F03547864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A0D017-F26F-4429-891E-C7E1C66B6588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xk:*:*:*:*:*:*:*",
              "matchCriteriaId": "26FA075D-4A9E-44EE-90CF-23947C9040EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xl:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A3DFAEC-4534-4A8D-9886-0723F57C7A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5451772-87D4-42E2-8F48-D137670DA3E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xn:*:*:*:*:*:*:*",
              "matchCriteriaId": "D162976F-87A3-42BF-8C9F-A981B14F4673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2606209-91BE-4BEB-A163-0D3873A033FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xq:*:*:*:*:*:*:*",
              "matchCriteriaId": "43581A57-418A-4A35-ACF2-1380A8DA8A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xr:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC17E231-9256-4600-A33B-238E7E83CF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xs:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A6D5468-BB6A-4665-964F-D8F636359CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xt:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0AB67FC-88F4-42BB-BB90-54521950DE02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xu:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0082D5-CE3E-433A-84E9-1311C8B7899A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xv:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EB78A4-B386-4FCB-A21F-BD2B2EFC9616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xw:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED30640-AABE-4CA2-8B45-509270748BBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F2F9EC5-EDA2-4C99-BBF1-2F2C92AACE95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D86E0B83-3098-47A6-9298-43D3D5F476DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1\\)db:*:*:*:*:*:*:*",
              "matchCriteriaId": "960F3C8E-AB3A-4A73-A1B8-E4DD98FACF14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1\\)db2:*:*:*:*:*:*:*",
              "matchCriteriaId": "516E4BEC-B9DA-4E21-9271-742F1CEDA087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1\\)dc:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9829AB1-BB64-4D0F-88BB-894FCF9CA2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1\\)dc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0ADD1EB-B46F-4B8C-BF4D-5A9631BDFA0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1\\)e5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F6AD8-4B16-465A-9781-1B650062FB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1\\)ex:*:*:*:*:*:*:*",
              "matchCriteriaId": "96541BD7-7D90-4C56-BC23-7071A07711DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AA56EF-E123-4539-80EA-B94965EAA2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1.3\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "605C83F3-9159-4D8F-90C4-886543D2BBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1a\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EDD9202-56A8-4924-AC60-08B223D5C3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2E960CA4-679E-4748-ADDA-D122C5A2D331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(2\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "326374ED-7ADC-457A-A8E1-4C42CDB8F3BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0B63E-5CCF-4441-A6A1-B4EE1A556070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(2\\)xf:*:*:*:*:*:*:*",
              "matchCriteriaId": "6255AFC2-DAC7-40AE-BD1C-3BFEB5544FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(2\\)xf4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF37C54B-72D1-4D7C-B0BA-0D9C7BA6C80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(2\\)xf5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF1C787-B425-44FD-8C9B-8F6BFDD42BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(6\\)ea2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC077AA-909C-4344-B5A9-F71FBCC34B97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(6\\)ey:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C9A6C0-F89B-4C11-B415-D78693C0E83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(6\\)ez1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D7E0FE-ABA8-4423-A126-EE56E4AC6E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(6\\)ez2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3C6083-0A69-4B38-B7AC-9F7DD4D41BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(6.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2A759C05-80B5-4A5C-8B9A-C0AC13638EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(6.5\\)ec3:*:*:*:*:*:*:*",
              "matchCriteriaId": "93063C37-AEEA-47EE-A87A-5BB4BB76F416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(6a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAE896A-4B97-4E67-8A55-046AB7CC0C80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A0C0CF63-FCC4-427A-9A86-48A03D913726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7\\)cx:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB234FEB-C185-420C-87C0-B54E9463D24D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7\\)da2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFE5890-AA06-40A5-B02B-F6E02D6749BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7\\)da3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E621324-E76F-446D-9477-DE68A28206F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7\\)ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "1481AA47-0E3F-4B64-B8EF-13358EDB4B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7a\\)e6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E24AB6D-AEDD-47D2-868E-7C2801B8A667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7a\\)ey:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0A9F96-4BBC-4154-8098-2E6CD2B9391E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7a\\)ey3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43155865-F9DF-43E9-B688-246AD46FFA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(7b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "989069B1-5B8B-4F6E-BD76-3B2999F2BC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DF384E8C-2EB1-4747-B749-E89E25A77321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8\\)aa1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA2FB3CC-64F1-4204-A04B-BCED3ADE7102",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D37BA51-A0F6-4CF4-A729-44C1060DEBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8\\)ea:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1D0F1E8-B2AD-40A2-A7A5-8AF0D0198E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8\\)ea1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C8E9BF-1C07-47FE-8F98-ED5960D302FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8\\)ea2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DFD542A-C3E0-4E81-AA6C-D32BE269B6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8a\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BC63AE-31B1-44E7-BABF-B8C529283E90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8a\\)ew:*:*:*:*:*:*:*",
              "matchCriteriaId": "429E111D-F383-4DCC-A378-D7F15234E059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8a\\)ew1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9B45852-A773-40E0-97D5-4F4A5F6E8D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8a\\)ex:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA87A2A-E394-4EA4-82BA-9CA3A561C8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD2B299-8C70-444B-9AEC-B9EAD4650C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e9:*:*:*:*:*:*:*",
              "matchCriteriaId": "37EC9304-51E7-4147-820B-E6DFA9267617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF5CF62-C9A7-43C7-82DD-3CDAD6218D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1AAD07-8EA0-496D-A4A7-6DD72B711813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e16:*:*:*:*:*:*:*",
              "matchCriteriaId": "25619ACF-6813-4470-B1F6-0D05D155DFA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e18:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7258C5E-8D61-4ADF-AF7D-F772C0A14C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)e20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4859372A-D2F6-4D97-939D-91A28B65B1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8b\\)ex4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47237CD-540B-462F-8B29-AC1EF4AF868B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(8c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3184A435-713F-499F-83D5-51233607861E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(9\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C03276-B783-49BC-841B-6A75FFDDCBF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(9\\)aa:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8737806-D06E-4859-ABC2-B6D764AA74A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(9\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "61B04BC6-B6BD-4CD2-9257-B7493B33ADAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(9\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "718E435B-14E4-45AD-8565-CAE1F245772D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(9\\)ea:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB79AFC9-2863-4DAE-9235-56DBD7C4E066",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(9\\)ex:*:*:*:*:*:*:*",
              "matchCriteriaId": "2465A016-415C-4EE9-9DEC-B71C3EDC0BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(9\\)ex3:*:*:*:*:*:*:*",
              "matchCriteriaId": "71655A8A-9E5F-4B48-A490-2A3110230DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(9a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6D148F-D29B-4610-85EB-557AC86C7FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "791F8D35-C80C-4540-9FD4-A957F429C712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10\\)aa:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E75B85-BD83-4183-8738-10B7ABFCD333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32F2780-796C-4A03-BA5C-3B0CDCD2FEB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2046F5A7-EA7D-4C6F-9B93-467AB1CC2624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10\\)ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA022E55-1EC7-4447-8B1F-1DE2102F71FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10\\)ec1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11032330-069D-4E4A-8F65-BC9EC832EC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10\\)ex:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9352A8-5C48-46D7-A9B9-61C6D003E9D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10\\)ey:*:*:*:*:*:*:*",
              "matchCriteriaId": "401856C7-EDE5-4B89-8A09-EFC2F878E753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10.5\\)ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "95257024-EEB8-4111-BC17-82173B759397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(10a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CB900989-74D8-4DD2-93BF-5A6D50E48213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B0EBB1-E870-4794-9474-F4E2A8AFEC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)ea1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91195861-AC53-4468-B1BB-3144A6F3CB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "238FC81A-606E-49ED-B97C-432A82BF7318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11.5\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D3C225-A31E-4E61-9B90-BBD38A8F6C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "330A2017-426D-4D6D-86A1-1D063038366E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7FC01431-DCF5-4F12-B95C-4F0813A04070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6CBB3-6F8D-40D4-9511-C9DD6F703C14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2C4D9-65CC-4C27-8240-C8F00F38A3F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A3BEF7-B34D-4D07-A8E6-834F555D0468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC4D8BB-2A95-4A57-AF3F-1CD01F55D62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "93AA3BC4-C536-4EEF-85E3-D521580F18D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12c\\)e7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8C082A-A9B7-4333-9ACB-CB75DCB73973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12c\\)ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF8CAD4-6B77-4B1F-B3EF-05873051949C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12c\\)ev01:*:*:*:*:*:*:*",
              "matchCriteriaId": "014D2124-5158-4FCB-A831-9457CA435A03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(12c\\)ew4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E89EF44-F094-4002-A325-C765D5CB9B5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7C9A3703-1082-45A6-B510-9B6C880F14A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ay:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E473130-ED52-48FA-AAAD-A1EA427AEBE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9478F31-994D-4FD8-AC53-B000815FBA92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB275FD-926E-4875-AAA2-88F8DB3B8B98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3EEC237-DD65-43F0-9DFE-0D32C929153E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e12:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE497DA8-240B-44DE-92F4-6CAC88A89B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EFCFBFD-E998-4581-B7C1-5A8BFA27DE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e17:*:*:*:*:*:*:*",
              "matchCriteriaId": "337A0980-A5B4-4605-8572-8283FD1588C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ea1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC069569-859C-41DB-93FE-57E8B3F2EBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ea1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "17B63153-D51A-40AE-887B-CC9362263602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ew:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3F54C6-FD33-442F-9E82-510EA39B0A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ew4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6568612-226C-48A3-B619-4C540D05968A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)ex2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A9F169-F1BB-4D40-81CF-9772B4E3BFEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13.4\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E6CA25F-5D9A-4996-AE41-FCF9BB9A6C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(14\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C0097ECF-6FB0-444C-997C-7FA44E82321C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(14\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F633F237-0B44-482F-A120-53A90EE0A328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(14\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0E2DFA-B2B6-4FB3-97DD-D1167014323F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(14\\)e9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6277E1AB-5962-47DA-BCBB-B6BF3A5BFAB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(14\\)e10:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED09E588-89E8-416F-9A7B-0CF73807998C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(14\\)ea1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1229A52-54B6-478F-A419-8D0340336BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(14\\)eb:*:*:*:*:*:*:*",
              "matchCriteriaId": "2652E42C-E7FF-405A-8B6D-47C28A62757E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(14.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5A69E21D-CF3F-4A57-9088-C9FF1C0ED5A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(15\\)bc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D61DA1C6-B112-448D-8E23-07800DA3E3CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(16\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA390A-9AE1-4C7D-906B-EFB5F927CC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8C2D22-61C6-4CA5-A275-DAEE2CD7D3B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(18.4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4ACEAA-2B21-4C3B-AA12-235626E54581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4944AFEF-D002-4C86-958A-4EB753399FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DEF5CE-8637-42DA-A371-AC9BF74D213F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e6:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C3903E-94DA-409B-A0E9-A66BCB48204E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "54874F5C-4165-4CFA-9908-587A808CF3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)ew:*:*:*:*:*:*:*",
              "matchCriteriaId": "184BB6B9-4E7D-4107-BFBA-847329C59209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)ew3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B06D76-49C9-412A-95C8-4C78C303488D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)fc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C19283-A797-4508-B180-0EA5A1D14310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19.3\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F62D015-0F71-4B7C-9B75-04F495725DF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC9A03B-752D-4F68-B360-CBE2EDBFD8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C3B6E2-3D33-457E-B85D-8C2FC9DA2FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41AB141-A566-4738-8E07-E6410590FB0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F074DF74-81FA-4F09-A6E5-18DD9A4E76C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9689234D-7762-4BA4-827E-702407F5BDF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)e5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A390527A-7522-4580-8C0A-F68BF90A5CFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ea1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4041EB0-F402-4C01-9337-212E3E461AF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ea1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "00388B56-F514-4A9F-95FE-1D8239BE1EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DEB16EF-D0C1-4C56-85B1-3C07D8CFD493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ec1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFCFD88F-4320-4F4F-9CAD-BA8A5AA5D389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ec2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89132D4-850A-4C33-BDE4-51F6A053C848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)eo:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF2BEC0-6D37-4BC2-9A78-FC0D06CE7573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)eo1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BBCCE83-076A-4B0C-9331-B9FE7DA8278E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)eo3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA0B22A1-8B4B-4ECD-89B3-EDB5A14D1799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew:*:*:*:*:*:*:*",
              "matchCriteriaId": "379E0F70-EE01-48F9-A4F0-BFCF9BDAB4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17CD0C63-7500-4A32-BD85-27E6C2F70FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDFD76E-0668-4137-A747-8FDE700A3B13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(20\\)ew4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F7143A-9B42-47FC-8626-19A850A74E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1aa:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6FFE33-2891-48E5-9D0C-C52F88B2D76C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ax:*:*:*:*:*:*:*",
              "matchCriteriaId": "442972CD-50D3-4C46-AB73-44AED94B9F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ay:*:*:*:*:*:*:*",
              "matchCriteriaId": "19077C39-A27B-4EC3-A882-9AC826E61570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1az:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3B31AFC-9C72-4737-B6B7-E938C13695BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1cx:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDEF6AED-4477-4AAC-9759-1996B77DFEE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1da:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9427851-B0DC-4CE6-8BFA-60619D1DC87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1db:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D07DD94-0925-4FEE-9565-5F36B9AAF448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1dc:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3A67F5-05C6-4097-A88E-0A0F165C12EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "7126E176-D739-4102-8F10-1EEB8C6A219D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C0554-1A50-4341-AB07-80AA854673D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1eb:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A8C5149-40F8-40C9-9FC3-7E7C68801320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "46FF39C5-CC37-4573-BB18-36254D38509B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1eo:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1AF45D8-A32A-482F-8183-F0DC3C4FB5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1eu:*:*:*:*:*:*:*",
              "matchCriteriaId": "B377A8B9-90F2-41B7-9098-5ABEB621E2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ev:*:*:*:*:*:*:*",
              "matchCriteriaId": "896A71EC-9508-406F-8DE8-58953D9A30FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ew:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B15FCC-1BB3-41CA-9550-6D55DD381F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ex:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4A85892-C3AB-4920-A949-A71BD0332D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ey:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6330829-9A7B-479D-B38B-BC64148EC172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ez:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9F1E38-3482-4EAC-8654-EBC004B9344B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ga:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BCD9C9-7E6B-42EB-A645-32B3C00CDDEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1gb:*:*:*:*:*:*:*",
              "matchCriteriaId": "34A61768-E18E-4DB0-9EDF-2E36D0F62DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1m:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B13CDA-C376-412A-AF5D-8FC25C74A0A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EEFAB2C-172F-45AE-9C84-A036AD22B5EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1sec:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3EFB16-B62B-4D24-B99F-AED2CD35C28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
              "matchCriteriaId": "752C3C6B-910D-4153-A162-DF255F60306B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1x\\(l\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3B11A6E0-36BB-44C5-893C-59AC283E515B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xa:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BBE2FF-5DAE-447A-9C3D-3F48B24AECA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xb:*:*:*:*:*:*:*",
              "matchCriteriaId": "297FAD97-60C0-473D-A18D-03657B81B7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xc:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD4A33B-B13E-40C6-B47F-A406ACC6664F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xd:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E488E6E-87F0-4292-B97B-31087FDB4655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D199CB1-A2A3-4678-9503-C5B61281755C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xf:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D743DF-838A-4E7A-A4FC-BB5EB7D93CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xg:*:*:*:*:*:*:*",
              "matchCriteriaId": "19952DC6-1186-4754-BB1E-BA1D78A19C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xh:*:*:*:*:*:*:*",
              "matchCriteriaId": "441CB9D6-5EDB-457B-B59E-D48B01AEAF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*",
              "matchCriteriaId": "28097F62-B51F-4A3B-BB31-6FA67E8C8B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E8AF76-0A1D-4BAE-BF10-D63080352E6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xk:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A11AF3F-C82F-4431-9CF1-84FDAD388D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B674647-4438-4450-9DCA-25184D4E2682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E5CC41-1344-4A65-A653-8012ACE2CF2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "71FB7128-CF11-4903-97D7-418403A03CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xq:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EFB20A-78E2-4BA1-B87C-BB74E8982D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xr:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A273401-9394-4BC3-879C-DE3EFC09B3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xs:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DABF911-FCDF-4095-A95D-4BB73628FCA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xt:*:*:*:*:*:*:*",
              "matchCriteriaId": "77886493-C30E-439E-BBB4-3D34A8938378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xu:*:*:*:*:*:*:*",
              "matchCriteriaId": "7813F511-CF6D-487F-9D1C-7A6CF85AD724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xv:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DC4B6-8B3D-4A0D-9934-743FD7494DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xw:*:*:*:*:*:*:*",
              "matchCriteriaId": "E272881F-0804-4190-A21D-3D0B9A774F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xx:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12B39FE-3E7B-4D96-8CD4-0D57C50A786A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xy:*:*:*:*:*:*:*",
              "matchCriteriaId": "F084DA16-24CB-41D1-92B7-C6E0499AAD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xz:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA979D75-F60E-45F8-B99C-1402DC8CFCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ya:*:*:*:*:*:*:*",
              "matchCriteriaId": "194F0AB1-92E6-4CE3-A5A1-904BF75F05D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1yb:*:*:*:*:*:*:*",
              "matchCriteriaId": "884753D4-3AF0-4723-9D51-26BA7B4CA533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1yc:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF3601D-DF44-4A10-A424-8E97C65A36A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1yd:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC38BD6C-9823-4D2A-8BE2-60AABE3C4932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ye:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1835410-77EB-46F2-ACF0-379759D4B0D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1yf:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB103ED-B170-4193-84CD-4C59F4D6A10A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1yh:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88DCCDE-6A81-473F-B4FE-95A84F8DF964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1yi:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D55886-268F-4E4D-B00F-8A5D97A73BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1yj:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F7C6FB8-8393-4916-BB2B-3097B1995C23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C798B993-8521-4C5D-88AF-2D509DBAC2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "127BD97D-56A0-4B75-9A19-CC499965B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1D6AEB-26F3-4BD9-A4CA-3D54CCF158F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B35652-621F-48DB-84FF-E214D42AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E216416-E3ED-437D-A725-2297DD86EF3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8F3444-17E3-48A5-BEC1-97967F7E4EA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539E369A-299B-4CDE-940F-C853E08439B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39120E68-F456-4035-8B28-64943CDDCFD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.3.1t:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F6EF3B-2F31-4449-9B2A-9114D41BBC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E6D907-4B38-4046-BF4F-C7DFA36F55E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D0B52CA-3834-4435-A3E1-9684A41E6405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5976253B-339F-49C3-A538-653901E85EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838C42B4-6D72-4EE5-A0F0-87E60D73A44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB06F1BF-E186-48EA-BAE2-1B76DB16BC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ECECC55-C937-45B7-ABC9-1DA44D1DBED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23AD1406-D2E4-4517-BF3E-A87C1FA8AC7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D203439-1A4B-4805-8A15-5A33C612A5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2DC46EA-C766-4EBA-B686-29B3B23F0155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A41531-FBC0-41DD-9965-8CAFA30488AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "310BA9E3-8175-4220-9FC3-48390C994174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B837418-4855-44BE-BA6F-0840864481A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A13401-2660-483E-89A5-6420B5866BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.0sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5F84EF-1C19-4AB3-BD01-A3DE47B2A46A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "77FC74E2-2510-40F5-BB2B-11608B844E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.1sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E021FDA-0D92-4A81-8721-EED507426922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C69E845-700C-4250-B528-9482A5362F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.3s:*:*:*:*:*:*:*",
              "matchCriteriaId": "389D6E60-F6AB-40B8-B894-CE97BF13AE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.4s:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A40EA0A-1642-4950-9943-20C1888C18D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.00.xo.15.0\\(2\\)xo:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F018C7-4BC5-443E-815E-481C805F3612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "621845E0-E885-46E4-929D-55DBE43DC97F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.0sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C0900A-1354-4A20-B5ED-8C005BCE4D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.0xo:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6256C79-DBDA-4ED7-AA3B-DE78B8C387B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "429F3E17-5C65-4C91-8881-AAEAA00BCD44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.1sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5B811A-AAAD-49C0-8FC2-5C79078BA6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E76FF-DE36-463D-B610-A99C90AF7B91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.2sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "3104D911-5FFC-4605-B234-6FD40A206DC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.3sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC787C70-6540-4AF7-9F05-8FD86284091E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.4sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC716D3D-5C37-4E36-8F6B-53801DC7225E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.3.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF8A6EC-3C45-4CDB-81B5-4D50CD5C4087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.3.0sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52C1850-27F7-40C8-BA26-660D160AD163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.3.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "737D7668-872C-4246-9AB9-12FF059E231A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.3.1sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AAC822D-E886-46A9-80E8-06DD753A458E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.3.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4CBDA4F-DBB3-4426-8C16-2B2314ACF21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.3.3s:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E237F6-97DA-45AE-8505-B3F629AB026D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.4.0as:*:*:*:*:*:*:*",
              "matchCriteriaId": "B45225F2-C9EB-493D-B845-64BFB8DBB89B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.4.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "252377A3-7F15-45F2-A169-BBC37858D4DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.4.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "02E8F96A-EA9C-4E66-8491-9B2A3A4023F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.4.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "85908754-8426-49D3-BCC2-AF174B5D0EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.4.3s:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5BA973-D59A-4CB9-BC35-089F88737425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.4.4s:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E6E83FC-CFAE-45EA-9F20-830FC5E97399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.4.5s:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B3BCAC-8317-41C4-9A60-85B693818044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.4.xs:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D36DA8-0CBC-424F-80FB-A59839C49FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.5.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "5872A42F-745E-4EC6-8679-C28F79F6621C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.5.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "86947E54-A1B9-4ECE-92A6-417462249612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.5.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C910BE7C-517F-4E41-8433-1858F700AA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.5.xs:*:*:*:*:*:*:*",
              "matchCriteriaId": "A862D914-CE60-48A9-9D52-299642BE3FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.6.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EB5A06F-59B5-43A1-8D06-1B6BA08630A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.6.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB5F6C44-DB9D-41FD-AD8D-AF45258772DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.6.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9E07C9-4C98-48A3-ACF9-1C6FE834D19C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.7.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "E979597C-E614-45E9-9AC4-66DE323221BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.7.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E908D0-7327-42B7-81C0-FA25BF45929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.9.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "94227B25-5C86-453C-9DC8-A8201C1D1FEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "891B8FA4-B602-42C5-A94F-8C60BBF7A7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "856917BD-179B-4C43-8EA6-034254720B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "800D4D6A-0814-4D83-8E66-945687AE58D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0810F1FB-120C-4F4C-A9A7-6AA76227A4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F50FA336-1365-4449-86B6-855C06E4F516",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBF542E-2454-4F54-93F6-8D003E06F9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F4A7CB-C68C-4796-A853-0BD58C9FF208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "643454AD-ADE5-4917-A7B0-AA3A2AF55265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009CCE4-908C-4830-B0E0-7B4CB33280F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "640CDC78-22D3-4E60-8D36-F088D8DB27DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DD5D7A-5AF6-4847-A001-926B13FB8B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:8.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "11E26250-8C97-4875-AECA-592DEC341C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67EB8598-8447-4CCC-A7F5-C509B42CD672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A346E4-B5E7-49E1-8756-0610917D9082",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:fwsm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1651BB28-E030-4AEC-AD5F-7A51C28DF22A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA35D4AA-24B3-428E-84ED-804EF941E9A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFAD5B5-F326-4466-8DA6-7D199B2B2175",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n OSFPF en Cisco IOS v12.0 hasta la v 12.4 y v15.0 hasta v15.3, IOS-XE v2.x hasta la v3.9.xS, ASA y PIX 7.x hasta la v9.1, FWSM, NX-OS, y StarOS anterior a v14.0.50488 no valida correctamente los paquetes Link State Advertisement (LSA) tipo 1 antes de realizar operaciones en la base de datos LSA, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n del enrutamiento) u obtener informaci\u00f3n sensible a trav\u00e9s de un paquete (1) unicast o (2) un paquete de multidifusi\u00f3n, tambi\u00e9n conocido como Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, y CSCug39795."
    }
  ],
  "id": "CVE-2013-0149",
  "lastModified": "2024-11-21T01:46:56.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-05T13:22:47.847",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/229804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/229804"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-29 01:59

Modified

2024-11-21 02:23

Severity ?

Summary

The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711.

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=38557	Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id/1032213
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=38557	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032213

Impacted products

Vendor	Product	Version
cisco	staros	18.1.0.59776
cisco	asr_5000	*
cisco	asr_5500	*
cisco	asr_5700	*

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:18.1.0.59776:*:*:*:*:*:*:*",
              "matchCriteriaId": "13AB3F1A-84F3-43A3-882D-7EE3DBADDFBE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41BCD17D-C8D4-4AA4-A25D-682399253BA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8D2CA4D-A269-47BD-95C9-FBA2B48DF228",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A130F1F2-7E5D-44BC-9D45-9F05EAD182BB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711."
    },
    {
      "lang": "es",
      "value": "El servicio hamgr en la implementaci\u00f3n IPv6 Proxy Mobile (PM) en Cisco StarOS 18.1.0.59776 en los dispositivos ASR 5000 permite a atacantes remotos causar una denegaci\u00f3n de servicio (recarga de servicio e interrupci\u00f3n del procesamiento de llamadas) a trav\u00e9s de paquetes PM malformados, tambi\u00e9n conocido como Bug ID CSCut94711."
    }
  ],
  "id": "CVE-2015-0711",
  "lastModified": "2024-11-21T02:23:34.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-29T01:59:03.183",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38557"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1032213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032213"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-20 20:15

Modified

2024-11-21 05:44

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-
cisco	virtualized_packet_core-single_instance	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "741DB403-12E1-4C6E-BC0A-FD92A32B0F89",
              "versionEndExcluding": "21.22.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_packet_core-single_instance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A57A0338-1FB7-464E-9968-102163EB8362",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el manejo del protocolo IPv4 de Cisco StarOS, podr\u00eda permitir a un atacante no autenticado remoto causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido a una p\u00e9rdida de memoria que se produce durante el procesamiento de paquetes. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una serie de paquetes IPv4 dise\u00f1ados por medio de un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante agotar la memoria disponible y causar un reinicio inesperado del proceso npusim, conllevando a una condici\u00f3n DoS en el dispositivo afectado"
    }
  ],
  "id": "CVE-2021-1353",
  "lastModified": "2024-11-21T05:44:09.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-20T20:15:17.533",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-06-18 03:15

Modified

2024-11-21 05:30

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	staros	*
cisco	asr_5000	-
cisco	asr_5500	-
cisco	asr_5700	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E4FEC-1CC7-4910-80C5-31C79D3F5393",
              "versionEndExcluding": "21.18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad Enhanced Charging Service (ECS) de Routers de Servicios de Agregaci\u00f3n Cisco ASR 5000 Series, podr\u00eda permitir a un atacante remoto no autenticado omitir las reglas de clasificaci\u00f3n de tr\u00e1fico sobre un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente del tr\u00e1fico de usuarios que atraviesa un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP malformada hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante omitir las reglas de clasificaci\u00f3n de tr\u00e1fico y potencialmente evitar que sea cobrado por el consumo de tr\u00e1fico"
    }
  ],
  "id": "CVE-2020-3244",
  "lastModified": "2024-11-21T05:30:38.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-18T03:15:11.370",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2017-3865

Vulnerability from cvelistv5

Published

2017-07-04 00:00

Modified

2024-08-05 14:39

Severity ?

Summary

A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/99218	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038748	vdb-entry, x_refsource_SECTRACK

Impacted products

Vendor

Product

Version

▼

Cisco StarOS for ASR 5000 Series Routers

Version: Cisco StarOS for ASR 5000 Series Routers

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99218",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99218"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr"
          },
          {
            "name": "1038748",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038748"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS for ASR 5000 Series Routers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS for ASR 5000 Series Routers"
            }
          ]
        }
      ],
      "datePublic": "2017-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "IPsec VPN Tunnel Denial of Service Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-06T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "99218",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99218"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr"
        },
        {
          "name": "1038748",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038748"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3865",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS for ASR 5000 Series Routers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS for ASR 5000 Series Routers"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IPsec VPN Tunnel Denial of Service Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99218",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99218"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr"
            },
            {
              "name": "1038748",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038748"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3865",
    "datePublished": "2017-07-04T00:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0712

Vulnerability from cvelistv5

Published

2015-05-01 10:00

Modified

2024-08-06 04:17

Severity ?

Summary

The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1032219	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/viewAlert.x?alertId=38580	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032219",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032219"
          },
          {
            "name": "20150429 Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38580"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-04T17:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032219",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032219"
        },
        {
          "name": "20150429 Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38580"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0712",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032219",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032219"
            },
            {
              "name": "20150429 Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38580"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0712",
    "datePublished": "2015-05-01T10:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16026

Vulnerability from cvelistv5

Published

2020-01-26 04:45

Modified

2024-11-15 17:44

Severity ?

6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: unspecified < n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:03:32.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200108 Cisco Mobility Management Entity Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-16026",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:29:46.226838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:44:37.291Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-26T04:45:20",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200108 Cisco Mobility Management Entity Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20200108-mme-dos",
        "defect": [
          [
            "CSCvs01456"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Mobility Management Entity Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
          "ID": "CVE-2019-16026",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Mobility Management Entity Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.8",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200108 Cisco Mobility Management Entity Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20200108-mme-dos",
          "defect": [
            [
              "CSCvs01456"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-16026",
    "datePublished": "2020-01-26T04:45:20.821598Z",
    "dateReserved": "2019-09-06T00:00:00",
    "dateUpdated": "2024-11-15T17:44:37.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0711

Vulnerability from cvelistv5

Published

2015-04-29 01:00

Modified

2024-08-06 04:17

Severity ?

Summary

The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1032213	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/viewAlert.x?alertId=38557	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032213",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032213"
          },
          {
            "name": "20150428 Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38557"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-04T18:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032213",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032213"
        },
        {
          "name": "20150428 Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38557"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0711",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032213",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032213"
            },
            {
              "name": "20150428 Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38557"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0711",
    "datePublished": "2015-04-29T01:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-6707

Vulnerability from cvelistv5

Published

2017-07-06 00:00

Modified

2024-08-05 15:41

Severity ?

Summary

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1038818	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/99462	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Version: Cisco StarOS

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038818",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038818"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd"
          },
          {
            "name": "99462",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99462"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS"
            }
          ]
        }
      ],
      "datePublic": "2017-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038818",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038818"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd"
        },
        {
          "name": "99462",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99462"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6707",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038818",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038818"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd"
            },
            {
              "name": "99462",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99462"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6707",
    "datePublished": "2017-07-06T00:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-20665

Vulnerability from cvelistv5

Published

2022-04-06 18:13

Modified

2024-11-06 16:28

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Summary

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:17:52.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220303 Cisco StarOS Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20665",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T16:00:18.481701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T16:28:29.506Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-06T18:13:40",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220303 Cisco StarOS Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
        }
      ],
      "source": {
        "advisory": "cisco-sa-staros-cmdinj-759mNT4n",
        "defect": [
          [
            "CSCvz22969"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco StarOS Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-03-03T00:00:00",
          "ID": "CVE-2022-20665",
          "STATE": "PUBLIC",
          "TITLE": "Cisco StarOS Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.0",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220303 Cisco StarOS Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-staros-cmdinj-759mNT4n",
          "defect": [
            [
              "CSCvz22969"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20665",
    "datePublished": "2022-04-06T18:13:41.066151Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-11-06T16:28:29.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0115

Vulnerability from cvelistv5

Published

2018-01-18 06:00

Modified

2024-12-02 21:27

Severity ?

Summary

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1040239	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102788	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Version: Cisco StarOS

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040239",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040239"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"
          },
          {
            "name": "102788",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102788"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0115",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T19:09:03.676286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T21:27:04.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS"
            }
          ]
        }
      ],
      "datePublic": "2018-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-25T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1040239",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040239"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"
        },
        {
          "name": "102788",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102788"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0115",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040239",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040239"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"
            },
            {
              "name": "102788",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102788"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0115",
    "datePublished": "2018-01-18T06:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-12-02T21:27:04.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1145

Vulnerability from cvelistv5

Published

2021-01-13 21:45

Modified

2024-11-12 20:40

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:02:55.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210113 Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:53:11.748770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:40:11.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-13T21:45:36",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210113 Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey"
        }
      ],
      "source": {
        "advisory": "cisco-sa-staros-file-read-L3RDvtey",
        "defect": [
          [
            "CSCvv34230"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-01-13T16:00:00",
          "ID": "CVE-2021-1145",
          "STATE": "PUBLIC",
          "TITLE": "Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210113 Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-staros-file-read-L3RDvtey",
          "defect": [
            [
              "CSCvv34230"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1145",
    "datePublished": "2021-01-13T21:45:36.440370Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-12T20:40:11.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20046

Vulnerability from cvelistv5

Published

2023-05-09 13:06

Modified

2024-08-02 08:57

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h

Impacted products

Vendor

Product

Version

▼

Version: 21.11.0
Version: 21.11.1
Version: 21.11.2
Version: 21.11.3
Version: 21.11.10
Version: 21.11.11
Version: 21.11.12
Version: 21.11.13
Version: 21.11.14
Version: 21.11.4
Version: 21.11.5
Version: 21.11.6
Version: 21.11.7
Version: 21.11.8
Version: 21.11.9
Version: 21.11.15
Version: 21.11.16
Version: 21.11.17
Version: 21.11.18
Version: 21.11.19
Version: 21.11.20
Version: 21.11.21
Version: 21.12.0
Version: 21.12.1
Version: 21.12.2
Version: 21.12.3
Version: 21.12.4
Version: 21.12.5
Version: 21.12.6
Version: 21.12.10
Version: 21.12.11
Version: 21.12.12
Version: 21.12.13
Version: 21.12.14
Version: 21.12.16
Version: 21.12.17
Version: 21.12.18
Version: 21.12.7
Version: 21.12.8
Version: 21.12.9
Version: 21.12.19
Version: 21.12.20
Version: 21.12.21
Version: 21.12.22
Version: 21.12.15
Version: 21.13.0
Version: 21.13.1
Version: 21.13.2
Version: 21.13.3
Version: 21.13.4
Version: 21.13.10
Version: 21.13.11
Version: 21.13.12
Version: 21.13.13
Version: 21.13.14
Version: 21.13.15
Version: 21.13.16
Version: 21.13.17
Version: 21.13.18
Version: 21.13.19
Version: 21.13.20
Version: 21.13.5
Version: 21.13.6
Version: 21.13.7
Version: 21.13.8
Version: 21.13.9
Version: 21.13.21
Version: 21.14.0
Version: 21.14.1
Version: 21.14.10
Version: 21.14.11
Version: 21.14.12
Version: 21.14.16
Version: 21.14.17
Version: 21.14.19
Version: 21.14.2
Version: 21.14.20
Version: 21.14.3
Version: 21.14.4
Version: 21.14.5
Version: 21.14.6
Version: 21.14.7
Version: 21.14.8
Version: 21.14.9
Version: 21.14.b12
Version: 21.14.b13
Version: 21.14.b14
Version: 21.14.b15
Version: 21.14.b17
Version: 21.14.b18
Version: 21.14.b19
Version: 21.14.b20
Version: 21.14.b21
Version: 21.14.22
Version: 21.14.b22
Version: 21.14.23
Version: 21.15.0
Version: 21.15.1
Version: 21.15.10
Version: 21.15.11
Version: 21.15.12
Version: 21.15.13
Version: 21.15.14
Version: 21.15.15
Version: 21.15.16
Version: 21.15.17
Version: 21.15.18
Version: 21.15.19
Version: 21.15.2
Version: 21.15.20
Version: 21.15.21
Version: 21.15.22
Version: 21.15.24
Version: 21.15.25
Version: 21.15.26
Version: 21.15.27
Version: 21.15.28
Version: 21.15.29
Version: 21.15.3
Version: 21.15.30
Version: 21.15.32
Version: 21.15.33
Version: 21.15.36
Version: 21.15.37
Version: 21.15.39
Version: 21.15.4
Version: 21.15.40
Version: 21.15.41
Version: 21.15.5
Version: 21.15.6
Version: 21.15.7
Version: 21.15.8
Version: 21.15.43
Version: 21.15.45
Version: 21.15.46
Version: 21.15.47
Version: 21.15.48
Version: 21.15.51
Version: 21.15.52
Version: 21.15.53
Version: 21.15.54
Version: 21.15.55
Version: 21.15.57
Version: 21.15.58
Version: 21.15.59
Version: 21.15.60
Version: 21.16.2
Version: 21.16.3
Version: 21.16.4
Version: 21.16.5
Version: 21.16.c10
Version: 21.16.c11
Version: 21.16.c12
Version: 21.16.c13
Version: 21.16.c9
Version: 21.16.d0
Version: 21.16.d1
Version: 21.16.6
Version: 21.16.c14
Version: 21.16.7
Version: 21.16.c15
Version: 21.16.8
Version: 21.16.c16
Version: 21.16.10
Version: 21.16.9
Version: 21.16.c17
Version: 21.16.c18
Version: 21.16.c19
Version: 21.17.0
Version: 21.17.1
Version: 21.17.2
Version: 21.17.3
Version: 21.17.4
Version: 21.17.5
Version: 21.17.6
Version: 21.17.7
Version: 21.17.8
Version: 21.17.10
Version: 21.17.11
Version: 21.17.9
Version: 21.17.12
Version: 21.17.13
Version: 21.17.14
Version: 21.17.15
Version: 21.17.16
Version: 21.17.17
Version: 21.17.18
Version: 21.17.19
Version: 21.18.0
Version: 21.18.1
Version: 21.18.2
Version: 21.18.3
Version: 21.18.4
Version: 21.18.5
Version: 21.18.11
Version: 21.18.6
Version: 21.18.7
Version: 21.18.8
Version: 21.18.9
Version: 21.18.12
Version: 21.18.13
Version: 21.18.14
Version: 21.18.15
Version: 21.18.16
Version: 21.18.17
Version: 21.18.18
Version: 21.18.19
Version: 21.18.20
Version: 21.18.21
Version: 21.18.22
Version: 21.18.23
Version: 21.18.24
Version: 21.18.25
Version: 21.18.26
Version: 21.19.0
Version: 21.19.1
Version: 21.19.2
Version: 21.19.3
Version: 21.19.n2
Version: 21.19.4
Version: 21.19.5
Version: 21.19.n3
Version: 21.19.n4
Version: 21.19.6
Version: 21.19.7
Version: 21.19.8
Version: 21.19.n5
Version: 21.19.10
Version: 21.19.9
Version: 21.19.n6
Version: 21.19.n7
Version: 21.19.n8
Version: 21.19.11
Version: 21.19.n10
Version: 21.19.n11
Version: 21.19.n12
Version: 21.19.n13
Version: 21.19.n14
Version: 21.19.n15
Version: 21.19.n16
Version: 21.19.n9
Version: 21.19.n17
Version: 21.19.n18
Version: 21.20.0
Version: 21.20.1
Version: 21.20.SV1
Version: 21.20.SV3
Version: 21.20.SV5
Version: 21.20.2
Version: 21.20.3
Version: 21.20.4
Version: 21.20.5
Version: 21.20.6
Version: 21.20.7
Version: 21.20.8
Version: 21.20.9
Version: 21.20.k6
Version: 21.20.10
Version: 21.20.11
Version: 21.20.k7
Version: 21.20.u8
Version: 21.20.12
Version: 21.20.13
Version: 21.20.14
Version: 21.20.k8
Version: 21.20.p9
Version: 21.20.15
Version: 21.20.16
Version: 21.20.17
Version: 21.20.18
Version: 21.20.19
Version: 21.20.20
Version: 21.20.21
Version: 21.20.22
Version: 21.20.23
Version: 21.20.24
Version: 21.20.25
Version: 21.20.26
Version: 21.20.28
Version: 21.20.29
Version: 21.20.30
Version: 21.20.c22
Version: 21.20.31
Version: 21.20.32
Version: 21.20.33
Version: 21.20.34
Version: 21.20.35
Version: 21.20.27
Version: 21.20.SV2
Version: 21.21.0
Version: 21.21.1
Version: 21.21.2
Version: 21.21.3
Version: 21.21.KS2
Version: 21.22.0
Version: 21.22.n2
Version: 21.22.n3
Version: 21.22.3
Version: 21.22.4
Version: 21.22.5
Version: 21.22.uj3
Version: 21.22.11
Version: 21.22.6
Version: 21.22.7
Version: 21.22.8
Version: 21.22.n4
Version: 21.22.n5
Version: 21.22.ua0
Version: 21.22.ua2
Version: 21.22.ua3
Version: 21.22.ua5
Version: 21.22.12
Version: 21.22.13
Version: 21.22.n10
Version: 21.22.n11
Version: 21.22.n12
Version: 21.22.n6
Version: 21.22.n7
Version: 21.22.n8
Version: 21.22.n9
Version: 21.22.n13
Version: 21.23.0
Version: 21.23.1
Version: 21.23.10
Version: 21.23.11
Version: 21.23.12
Version: 21.23.13
Version: 21.23.14
Version: 21.23.15
Version: 21.23.16
Version: 21.23.17
Version: 21.23.2
Version: 21.23.3
Version: 21.23.4
Version: 21.23.5
Version: 21.23.6
Version: 21.23.7
Version: 21.23.8
Version: 21.23.9
Version: 21.23.b2
Version: 21.23.b3
Version: 21.23.c16
Version: 21.23.c17
Version: 21.23.n6
Version: 21.23.n7
Version: 21.23.n9
Version: 21.23.18
Version: 21.23.19
Version: 21.23.21
Version: 21.23.22
Version: 21.23.23
Version: 21.23.24
Version: 21.23.25
Version: 21.23.26
Version: 21.23.27
Version: 21.23.29
Version: 21.23.30
Version: 21.23.c18
Version: 21.23.n10
Version: 21.23.n11
Version: 21.23.n8
Version: 21.23.yn14
Version: 21.24.0
Version: 21.24.1
Version: 21.24.2
Version: 21.24.3
Version: 21.25.0
Version: 21.25.3
Version: 21.25.4
Version: 21.25.5
Version: 21.25.10
Version: 21.25.11
Version: 21.25.12
Version: 21.25.13
Version: 21.25.14
Version: 21.25.6
Version: 21.25.7
Version: 21.25.8
Version: 21.25.9
Version: 21.26.0
Version: 21.26.1
Version: 21.26.10
Version: 21.26.13
Version: 21.26.14
Version: 21.26.15
Version: 21.26.3
Version: 21.26.5
Version: 21.26.6
Version: 21.26.7
Version: 21.26.17
Version: 21.27.0
Version: 21.27.1
Version: 21.27.2
Version: 21.27.3
Version: 21.27.4
Version: 21.27.5
Version: 21.27.m0
Version: 21.28.0
Version: 21.28.1
Version: 21.28.2
Version: 21.28.m0
Version: 21.28.m1
Version: 21.28.m2
Version: 21.28.m3

Cisco Ultra Cloud Core - User Plane Function

Version: N/A

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "21.11.0"
            },
            {
              "status": "affected",
              "version": "21.11.1"
            },
            {
              "status": "affected",
              "version": "21.11.2"
            },
            {
              "status": "affected",
              "version": "21.11.3"
            },
            {
              "status": "affected",
              "version": "21.11.10"
            },
            {
              "status": "affected",
              "version": "21.11.11"
            },
            {
              "status": "affected",
              "version": "21.11.12"
            },
            {
              "status": "affected",
              "version": "21.11.13"
            },
            {
              "status": "affected",
              "version": "21.11.14"
            },
            {
              "status": "affected",
              "version": "21.11.4"
            },
            {
              "status": "affected",
              "version": "21.11.5"
            },
            {
              "status": "affected",
              "version": "21.11.6"
            },
            {
              "status": "affected",
              "version": "21.11.7"
            },
            {
              "status": "affected",
              "version": "21.11.8"
            },
            {
              "status": "affected",
              "version": "21.11.9"
            },
            {
              "status": "affected",
              "version": "21.11.15"
            },
            {
              "status": "affected",
              "version": "21.11.16"
            },
            {
              "status": "affected",
              "version": "21.11.17"
            },
            {
              "status": "affected",
              "version": "21.11.18"
            },
            {
              "status": "affected",
              "version": "21.11.19"
            },
            {
              "status": "affected",
              "version": "21.11.20"
            },
            {
              "status": "affected",
              "version": "21.11.21"
            },
            {
              "status": "affected",
              "version": "21.12.0"
            },
            {
              "status": "affected",
              "version": "21.12.1"
            },
            {
              "status": "affected",
              "version": "21.12.2"
            },
            {
              "status": "affected",
              "version": "21.12.3"
            },
            {
              "status": "affected",
              "version": "21.12.4"
            },
            {
              "status": "affected",
              "version": "21.12.5"
            },
            {
              "status": "affected",
              "version": "21.12.6"
            },
            {
              "status": "affected",
              "version": "21.12.10"
            },
            {
              "status": "affected",
              "version": "21.12.11"
            },
            {
              "status": "affected",
              "version": "21.12.12"
            },
            {
              "status": "affected",
              "version": "21.12.13"
            },
            {
              "status": "affected",
              "version": "21.12.14"
            },
            {
              "status": "affected",
              "version": "21.12.16"
            },
            {
              "status": "affected",
              "version": "21.12.17"
            },
            {
              "status": "affected",
              "version": "21.12.18"
            },
            {
              "status": "affected",
              "version": "21.12.7"
            },
            {
              "status": "affected",
              "version": "21.12.8"
            },
            {
              "status": "affected",
              "version": "21.12.9"
            },
            {
              "status": "affected",
              "version": "21.12.19"
            },
            {
              "status": "affected",
              "version": "21.12.20"
            },
            {
              "status": "affected",
              "version": "21.12.21"
            },
            {
              "status": "affected",
              "version": "21.12.22"
            },
            {
              "status": "affected",
              "version": "21.12.15"
            },
            {
              "status": "affected",
              "version": "21.13.0"
            },
            {
              "status": "affected",
              "version": "21.13.1"
            },
            {
              "status": "affected",
              "version": "21.13.2"
            },
            {
              "status": "affected",
              "version": "21.13.3"
            },
            {
              "status": "affected",
              "version": "21.13.4"
            },
            {
              "status": "affected",
              "version": "21.13.10"
            },
            {
              "status": "affected",
              "version": "21.13.11"
            },
            {
              "status": "affected",
              "version": "21.13.12"
            },
            {
              "status": "affected",
              "version": "21.13.13"
            },
            {
              "status": "affected",
              "version": "21.13.14"
            },
            {
              "status": "affected",
              "version": "21.13.15"
            },
            {
              "status": "affected",
              "version": "21.13.16"
            },
            {
              "status": "affected",
              "version": "21.13.17"
            },
            {
              "status": "affected",
              "version": "21.13.18"
            },
            {
              "status": "affected",
              "version": "21.13.19"
            },
            {
              "status": "affected",
              "version": "21.13.20"
            },
            {
              "status": "affected",
              "version": "21.13.5"
            },
            {
              "status": "affected",
              "version": "21.13.6"
            },
            {
              "status": "affected",
              "version": "21.13.7"
            },
            {
              "status": "affected",
              "version": "21.13.8"
            },
            {
              "status": "affected",
              "version": "21.13.9"
            },
            {
              "status": "affected",
              "version": "21.13.21"
            },
            {
              "status": "affected",
              "version": "21.14.0"
            },
            {
              "status": "affected",
              "version": "21.14.1"
            },
            {
              "status": "affected",
              "version": "21.14.10"
            },
            {
              "status": "affected",
              "version": "21.14.11"
            },
            {
              "status": "affected",
              "version": "21.14.12"
            },
            {
              "status": "affected",
              "version": "21.14.16"
            },
            {
              "status": "affected",
              "version": "21.14.17"
            },
            {
              "status": "affected",
              "version": "21.14.19"
            },
            {
              "status": "affected",
              "version": "21.14.2"
            },
            {
              "status": "affected",
              "version": "21.14.20"
            },
            {
              "status": "affected",
              "version": "21.14.3"
            },
            {
              "status": "affected",
              "version": "21.14.4"
            },
            {
              "status": "affected",
              "version": "21.14.5"
            },
            {
              "status": "affected",
              "version": "21.14.6"
            },
            {
              "status": "affected",
              "version": "21.14.7"
            },
            {
              "status": "affected",
              "version": "21.14.8"
            },
            {
              "status": "affected",
              "version": "21.14.9"
            },
            {
              "status": "affected",
              "version": "21.14.b12"
            },
            {
              "status": "affected",
              "version": "21.14.b13"
            },
            {
              "status": "affected",
              "version": "21.14.b14"
            },
            {
              "status": "affected",
              "version": "21.14.b15"
            },
            {
              "status": "affected",
              "version": "21.14.b17"
            },
            {
              "status": "affected",
              "version": "21.14.b18"
            },
            {
              "status": "affected",
              "version": "21.14.b19"
            },
            {
              "status": "affected",
              "version": "21.14.b20"
            },
            {
              "status": "affected",
              "version": "21.14.b21"
            },
            {
              "status": "affected",
              "version": "21.14.22"
            },
            {
              "status": "affected",
              "version": "21.14.b22"
            },
            {
              "status": "affected",
              "version": "21.14.23"
            },
            {
              "status": "affected",
              "version": "21.15.0"
            },
            {
              "status": "affected",
              "version": "21.15.1"
            },
            {
              "status": "affected",
              "version": "21.15.10"
            },
            {
              "status": "affected",
              "version": "21.15.11"
            },
            {
              "status": "affected",
              "version": "21.15.12"
            },
            {
              "status": "affected",
              "version": "21.15.13"
            },
            {
              "status": "affected",
              "version": "21.15.14"
            },
            {
              "status": "affected",
              "version": "21.15.15"
            },
            {
              "status": "affected",
              "version": "21.15.16"
            },
            {
              "status": "affected",
              "version": "21.15.17"
            },
            {
              "status": "affected",
              "version": "21.15.18"
            },
            {
              "status": "affected",
              "version": "21.15.19"
            },
            {
              "status": "affected",
              "version": "21.15.2"
            },
            {
              "status": "affected",
              "version": "21.15.20"
            },
            {
              "status": "affected",
              "version": "21.15.21"
            },
            {
              "status": "affected",
              "version": "21.15.22"
            },
            {
              "status": "affected",
              "version": "21.15.24"
            },
            {
              "status": "affected",
              "version": "21.15.25"
            },
            {
              "status": "affected",
              "version": "21.15.26"
            },
            {
              "status": "affected",
              "version": "21.15.27"
            },
            {
              "status": "affected",
              "version": "21.15.28"
            },
            {
              "status": "affected",
              "version": "21.15.29"
            },
            {
              "status": "affected",
              "version": "21.15.3"
            },
            {
              "status": "affected",
              "version": "21.15.30"
            },
            {
              "status": "affected",
              "version": "21.15.32"
            },
            {
              "status": "affected",
              "version": "21.15.33"
            },
            {
              "status": "affected",
              "version": "21.15.36"
            },
            {
              "status": "affected",
              "version": "21.15.37"
            },
            {
              "status": "affected",
              "version": "21.15.39"
            },
            {
              "status": "affected",
              "version": "21.15.4"
            },
            {
              "status": "affected",
              "version": "21.15.40"
            },
            {
              "status": "affected",
              "version": "21.15.41"
            },
            {
              "status": "affected",
              "version": "21.15.5"
            },
            {
              "status": "affected",
              "version": "21.15.6"
            },
            {
              "status": "affected",
              "version": "21.15.7"
            },
            {
              "status": "affected",
              "version": "21.15.8"
            },
            {
              "status": "affected",
              "version": "21.15.43"
            },
            {
              "status": "affected",
              "version": "21.15.45"
            },
            {
              "status": "affected",
              "version": "21.15.46"
            },
            {
              "status": "affected",
              "version": "21.15.47"
            },
            {
              "status": "affected",
              "version": "21.15.48"
            },
            {
              "status": "affected",
              "version": "21.15.51"
            },
            {
              "status": "affected",
              "version": "21.15.52"
            },
            {
              "status": "affected",
              "version": "21.15.53"
            },
            {
              "status": "affected",
              "version": "21.15.54"
            },
            {
              "status": "affected",
              "version": "21.15.55"
            },
            {
              "status": "affected",
              "version": "21.15.57"
            },
            {
              "status": "affected",
              "version": "21.15.58"
            },
            {
              "status": "affected",
              "version": "21.15.59"
            },
            {
              "status": "affected",
              "version": "21.15.60"
            },
            {
              "status": "affected",
              "version": "21.16.2"
            },
            {
              "status": "affected",
              "version": "21.16.3"
            },
            {
              "status": "affected",
              "version": "21.16.4"
            },
            {
              "status": "affected",
              "version": "21.16.5"
            },
            {
              "status": "affected",
              "version": "21.16.c10"
            },
            {
              "status": "affected",
              "version": "21.16.c11"
            },
            {
              "status": "affected",
              "version": "21.16.c12"
            },
            {
              "status": "affected",
              "version": "21.16.c13"
            },
            {
              "status": "affected",
              "version": "21.16.c9"
            },
            {
              "status": "affected",
              "version": "21.16.d0"
            },
            {
              "status": "affected",
              "version": "21.16.d1"
            },
            {
              "status": "affected",
              "version": "21.16.6"
            },
            {
              "status": "affected",
              "version": "21.16.c14"
            },
            {
              "status": "affected",
              "version": "21.16.7"
            },
            {
              "status": "affected",
              "version": "21.16.c15"
            },
            {
              "status": "affected",
              "version": "21.16.8"
            },
            {
              "status": "affected",
              "version": "21.16.c16"
            },
            {
              "status": "affected",
              "version": "21.16.10"
            },
            {
              "status": "affected",
              "version": "21.16.9"
            },
            {
              "status": "affected",
              "version": "21.16.c17"
            },
            {
              "status": "affected",
              "version": "21.16.c18"
            },
            {
              "status": "affected",
              "version": "21.16.c19"
            },
            {
              "status": "affected",
              "version": "21.17.0"
            },
            {
              "status": "affected",
              "version": "21.17.1"
            },
            {
              "status": "affected",
              "version": "21.17.2"
            },
            {
              "status": "affected",
              "version": "21.17.3"
            },
            {
              "status": "affected",
              "version": "21.17.4"
            },
            {
              "status": "affected",
              "version": "21.17.5"
            },
            {
              "status": "affected",
              "version": "21.17.6"
            },
            {
              "status": "affected",
              "version": "21.17.7"
            },
            {
              "status": "affected",
              "version": "21.17.8"
            },
            {
              "status": "affected",
              "version": "21.17.10"
            },
            {
              "status": "affected",
              "version": "21.17.11"
            },
            {
              "status": "affected",
              "version": "21.17.9"
            },
            {
              "status": "affected",
              "version": "21.17.12"
            },
            {
              "status": "affected",
              "version": "21.17.13"
            },
            {
              "status": "affected",
              "version": "21.17.14"
            },
            {
              "status": "affected",
              "version": "21.17.15"
            },
            {
              "status": "affected",
              "version": "21.17.16"
            },
            {
              "status": "affected",
              "version": "21.17.17"
            },
            {
              "status": "affected",
              "version": "21.17.18"
            },
            {
              "status": "affected",
              "version": "21.17.19"
            },
            {
              "status": "affected",
              "version": "21.18.0"
            },
            {
              "status": "affected",
              "version": "21.18.1"
            },
            {
              "status": "affected",
              "version": "21.18.2"
            },
            {
              "status": "affected",
              "version": "21.18.3"
            },
            {
              "status": "affected",
              "version": "21.18.4"
            },
            {
              "status": "affected",
              "version": "21.18.5"
            },
            {
              "status": "affected",
              "version": "21.18.11"
            },
            {
              "status": "affected",
              "version": "21.18.6"
            },
            {
              "status": "affected",
              "version": "21.18.7"
            },
            {
              "status": "affected",
              "version": "21.18.8"
            },
            {
              "status": "affected",
              "version": "21.18.9"
            },
            {
              "status": "affected",
              "version": "21.18.12"
            },
            {
              "status": "affected",
              "version": "21.18.13"
            },
            {
              "status": "affected",
              "version": "21.18.14"
            },
            {
              "status": "affected",
              "version": "21.18.15"
            },
            {
              "status": "affected",
              "version": "21.18.16"
            },
            {
              "status": "affected",
              "version": "21.18.17"
            },
            {
              "status": "affected",
              "version": "21.18.18"
            },
            {
              "status": "affected",
              "version": "21.18.19"
            },
            {
              "status": "affected",
              "version": "21.18.20"
            },
            {
              "status": "affected",
              "version": "21.18.21"
            },
            {
              "status": "affected",
              "version": "21.18.22"
            },
            {
              "status": "affected",
              "version": "21.18.23"
            },
            {
              "status": "affected",
              "version": "21.18.24"
            },
            {
              "status": "affected",
              "version": "21.18.25"
            },
            {
              "status": "affected",
              "version": "21.18.26"
            },
            {
              "status": "affected",
              "version": "21.19.0"
            },
            {
              "status": "affected",
              "version": "21.19.1"
            },
            {
              "status": "affected",
              "version": "21.19.2"
            },
            {
              "status": "affected",
              "version": "21.19.3"
            },
            {
              "status": "affected",
              "version": "21.19.n2"
            },
            {
              "status": "affected",
              "version": "21.19.4"
            },
            {
              "status": "affected",
              "version": "21.19.5"
            },
            {
              "status": "affected",
              "version": "21.19.n3"
            },
            {
              "status": "affected",
              "version": "21.19.n4"
            },
            {
              "status": "affected",
              "version": "21.19.6"
            },
            {
              "status": "affected",
              "version": "21.19.7"
            },
            {
              "status": "affected",
              "version": "21.19.8"
            },
            {
              "status": "affected",
              "version": "21.19.n5"
            },
            {
              "status": "affected",
              "version": "21.19.10"
            },
            {
              "status": "affected",
              "version": "21.19.9"
            },
            {
              "status": "affected",
              "version": "21.19.n6"
            },
            {
              "status": "affected",
              "version": "21.19.n7"
            },
            {
              "status": "affected",
              "version": "21.19.n8"
            },
            {
              "status": "affected",
              "version": "21.19.11"
            },
            {
              "status": "affected",
              "version": "21.19.n10"
            },
            {
              "status": "affected",
              "version": "21.19.n11"
            },
            {
              "status": "affected",
              "version": "21.19.n12"
            },
            {
              "status": "affected",
              "version": "21.19.n13"
            },
            {
              "status": "affected",
              "version": "21.19.n14"
            },
            {
              "status": "affected",
              "version": "21.19.n15"
            },
            {
              "status": "affected",
              "version": "21.19.n16"
            },
            {
              "status": "affected",
              "version": "21.19.n9"
            },
            {
              "status": "affected",
              "version": "21.19.n17"
            },
            {
              "status": "affected",
              "version": "21.19.n18"
            },
            {
              "status": "affected",
              "version": "21.20.0"
            },
            {
              "status": "affected",
              "version": "21.20.1"
            },
            {
              "status": "affected",
              "version": "21.20.SV1"
            },
            {
              "status": "affected",
              "version": "21.20.SV3"
            },
            {
              "status": "affected",
              "version": "21.20.SV5"
            },
            {
              "status": "affected",
              "version": "21.20.2"
            },
            {
              "status": "affected",
              "version": "21.20.3"
            },
            {
              "status": "affected",
              "version": "21.20.4"
            },
            {
              "status": "affected",
              "version": "21.20.5"
            },
            {
              "status": "affected",
              "version": "21.20.6"
            },
            {
              "status": "affected",
              "version": "21.20.7"
            },
            {
              "status": "affected",
              "version": "21.20.8"
            },
            {
              "status": "affected",
              "version": "21.20.9"
            },
            {
              "status": "affected",
              "version": "21.20.k6"
            },
            {
              "status": "affected",
              "version": "21.20.10"
            },
            {
              "status": "affected",
              "version": "21.20.11"
            },
            {
              "status": "affected",
              "version": "21.20.k7"
            },
            {
              "status": "affected",
              "version": "21.20.u8"
            },
            {
              "status": "affected",
              "version": "21.20.12"
            },
            {
              "status": "affected",
              "version": "21.20.13"
            },
            {
              "status": "affected",
              "version": "21.20.14"
            },
            {
              "status": "affected",
              "version": "21.20.k8"
            },
            {
              "status": "affected",
              "version": "21.20.p9"
            },
            {
              "status": "affected",
              "version": "21.20.15"
            },
            {
              "status": "affected",
              "version": "21.20.16"
            },
            {
              "status": "affected",
              "version": "21.20.17"
            },
            {
              "status": "affected",
              "version": "21.20.18"
            },
            {
              "status": "affected",
              "version": "21.20.19"
            },
            {
              "status": "affected",
              "version": "21.20.20"
            },
            {
              "status": "affected",
              "version": "21.20.21"
            },
            {
              "status": "affected",
              "version": "21.20.22"
            },
            {
              "status": "affected",
              "version": "21.20.23"
            },
            {
              "status": "affected",
              "version": "21.20.24"
            },
            {
              "status": "affected",
              "version": "21.20.25"
            },
            {
              "status": "affected",
              "version": "21.20.26"
            },
            {
              "status": "affected",
              "version": "21.20.28"
            },
            {
              "status": "affected",
              "version": "21.20.29"
            },
            {
              "status": "affected",
              "version": "21.20.30"
            },
            {
              "status": "affected",
              "version": "21.20.c22"
            },
            {
              "status": "affected",
              "version": "21.20.31"
            },
            {
              "status": "affected",
              "version": "21.20.32"
            },
            {
              "status": "affected",
              "version": "21.20.33"
            },
            {
              "status": "affected",
              "version": "21.20.34"
            },
            {
              "status": "affected",
              "version": "21.20.35"
            },
            {
              "status": "affected",
              "version": "21.20.27"
            },
            {
              "status": "affected",
              "version": "21.20.SV2"
            },
            {
              "status": "affected",
              "version": "21.21.0"
            },
            {
              "status": "affected",
              "version": "21.21.1"
            },
            {
              "status": "affected",
              "version": "21.21.2"
            },
            {
              "status": "affected",
              "version": "21.21.3"
            },
            {
              "status": "affected",
              "version": "21.21.KS2"
            },
            {
              "status": "affected",
              "version": "21.22.0"
            },
            {
              "status": "affected",
              "version": "21.22.n2"
            },
            {
              "status": "affected",
              "version": "21.22.n3"
            },
            {
              "status": "affected",
              "version": "21.22.3"
            },
            {
              "status": "affected",
              "version": "21.22.4"
            },
            {
              "status": "affected",
              "version": "21.22.5"
            },
            {
              "status": "affected",
              "version": "21.22.uj3"
            },
            {
              "status": "affected",
              "version": "21.22.11"
            },
            {
              "status": "affected",
              "version": "21.22.6"
            },
            {
              "status": "affected",
              "version": "21.22.7"
            },
            {
              "status": "affected",
              "version": "21.22.8"
            },
            {
              "status": "affected",
              "version": "21.22.n4"
            },
            {
              "status": "affected",
              "version": "21.22.n5"
            },
            {
              "status": "affected",
              "version": "21.22.ua0"
            },
            {
              "status": "affected",
              "version": "21.22.ua2"
            },
            {
              "status": "affected",
              "version": "21.22.ua3"
            },
            {
              "status": "affected",
              "version": "21.22.ua5"
            },
            {
              "status": "affected",
              "version": "21.22.12"
            },
            {
              "status": "affected",
              "version": "21.22.13"
            },
            {
              "status": "affected",
              "version": "21.22.n10"
            },
            {
              "status": "affected",
              "version": "21.22.n11"
            },
            {
              "status": "affected",
              "version": "21.22.n12"
            },
            {
              "status": "affected",
              "version": "21.22.n6"
            },
            {
              "status": "affected",
              "version": "21.22.n7"
            },
            {
              "status": "affected",
              "version": "21.22.n8"
            },
            {
              "status": "affected",
              "version": "21.22.n9"
            },
            {
              "status": "affected",
              "version": "21.22.n13"
            },
            {
              "status": "affected",
              "version": "21.23.0"
            },
            {
              "status": "affected",
              "version": "21.23.1"
            },
            {
              "status": "affected",
              "version": "21.23.10"
            },
            {
              "status": "affected",
              "version": "21.23.11"
            },
            {
              "status": "affected",
              "version": "21.23.12"
            },
            {
              "status": "affected",
              "version": "21.23.13"
            },
            {
              "status": "affected",
              "version": "21.23.14"
            },
            {
              "status": "affected",
              "version": "21.23.15"
            },
            {
              "status": "affected",
              "version": "21.23.16"
            },
            {
              "status": "affected",
              "version": "21.23.17"
            },
            {
              "status": "affected",
              "version": "21.23.2"
            },
            {
              "status": "affected",
              "version": "21.23.3"
            },
            {
              "status": "affected",
              "version": "21.23.4"
            },
            {
              "status": "affected",
              "version": "21.23.5"
            },
            {
              "status": "affected",
              "version": "21.23.6"
            },
            {
              "status": "affected",
              "version": "21.23.7"
            },
            {
              "status": "affected",
              "version": "21.23.8"
            },
            {
              "status": "affected",
              "version": "21.23.9"
            },
            {
              "status": "affected",
              "version": "21.23.b2"
            },
            {
              "status": "affected",
              "version": "21.23.b3"
            },
            {
              "status": "affected",
              "version": "21.23.c16"
            },
            {
              "status": "affected",
              "version": "21.23.c17"
            },
            {
              "status": "affected",
              "version": "21.23.n6"
            },
            {
              "status": "affected",
              "version": "21.23.n7"
            },
            {
              "status": "affected",
              "version": "21.23.n9"
            },
            {
              "status": "affected",
              "version": "21.23.18"
            },
            {
              "status": "affected",
              "version": "21.23.19"
            },
            {
              "status": "affected",
              "version": "21.23.21"
            },
            {
              "status": "affected",
              "version": "21.23.22"
            },
            {
              "status": "affected",
              "version": "21.23.23"
            },
            {
              "status": "affected",
              "version": "21.23.24"
            },
            {
              "status": "affected",
              "version": "21.23.25"
            },
            {
              "status": "affected",
              "version": "21.23.26"
            },
            {
              "status": "affected",
              "version": "21.23.27"
            },
            {
              "status": "affected",
              "version": "21.23.29"
            },
            {
              "status": "affected",
              "version": "21.23.30"
            },
            {
              "status": "affected",
              "version": "21.23.c18"
            },
            {
              "status": "affected",
              "version": "21.23.n10"
            },
            {
              "status": "affected",
              "version": "21.23.n11"
            },
            {
              "status": "affected",
              "version": "21.23.n8"
            },
            {
              "status": "affected",
              "version": "21.23.yn14"
            },
            {
              "status": "affected",
              "version": "21.24.0"
            },
            {
              "status": "affected",
              "version": "21.24.1"
            },
            {
              "status": "affected",
              "version": "21.24.2"
            },
            {
              "status": "affected",
              "version": "21.24.3"
            },
            {
              "status": "affected",
              "version": "21.25.0"
            },
            {
              "status": "affected",
              "version": "21.25.3"
            },
            {
              "status": "affected",
              "version": "21.25.4"
            },
            {
              "status": "affected",
              "version": "21.25.5"
            },
            {
              "status": "affected",
              "version": "21.25.10"
            },
            {
              "status": "affected",
              "version": "21.25.11"
            },
            {
              "status": "affected",
              "version": "21.25.12"
            },
            {
              "status": "affected",
              "version": "21.25.13"
            },
            {
              "status": "affected",
              "version": "21.25.14"
            },
            {
              "status": "affected",
              "version": "21.25.6"
            },
            {
              "status": "affected",
              "version": "21.25.7"
            },
            {
              "status": "affected",
              "version": "21.25.8"
            },
            {
              "status": "affected",
              "version": "21.25.9"
            },
            {
              "status": "affected",
              "version": "21.26.0"
            },
            {
              "status": "affected",
              "version": "21.26.1"
            },
            {
              "status": "affected",
              "version": "21.26.10"
            },
            {
              "status": "affected",
              "version": "21.26.13"
            },
            {
              "status": "affected",
              "version": "21.26.14"
            },
            {
              "status": "affected",
              "version": "21.26.15"
            },
            {
              "status": "affected",
              "version": "21.26.3"
            },
            {
              "status": "affected",
              "version": "21.26.5"
            },
            {
              "status": "affected",
              "version": "21.26.6"
            },
            {
              "status": "affected",
              "version": "21.26.7"
            },
            {
              "status": "affected",
              "version": "21.26.17"
            },
            {
              "status": "affected",
              "version": "21.27.0"
            },
            {
              "status": "affected",
              "version": "21.27.1"
            },
            {
              "status": "affected",
              "version": "21.27.2"
            },
            {
              "status": "affected",
              "version": "21.27.3"
            },
            {
              "status": "affected",
              "version": "21.27.4"
            },
            {
              "status": "affected",
              "version": "21.27.5"
            },
            {
              "status": "affected",
              "version": "21.27.m0"
            },
            {
              "status": "affected",
              "version": "21.28.0"
            },
            {
              "status": "affected",
              "version": "21.28.1"
            },
            {
              "status": "affected",
              "version": "21.28.2"
            },
            {
              "status": "affected",
              "version": "21.28.m0"
            },
            {
              "status": "affected",
              "version": "21.28.m1"
            },
            {
              "status": "affected",
              "version": "21.28.m2"
            },
            {
              "status": "affected",
              "version": "21.28.m3"
            }
          ]
        },
        {
          "product": "Cisco Ultra Cloud Core - User Plane Function",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r   There are workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-289",
              "description": "Authentication Bypass by Alternate Name",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:38.039Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
        }
      ],
      "source": {
        "advisory": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
        "defects": [
          "CSCwd89468"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20046",
    "datePublished": "2023-05-09T13:06:10.748Z",
    "dateReserved": "2022-10-27T18:47:50.317Z",
    "dateUpdated": "2024-08-02T08:57:35.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3500

Vulnerability from cvelistv5

Published

2020-08-17 18:00

Modified

2024-11-13 18:16

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:54.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200805 Cisco StarOS IPv6 Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3500",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:24:57.726835Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:16:15.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-17T18:00:26",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200805 Cisco StarOS IPv6 Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asr5k-ipv6-dos-ce3zhF8m",
        "defect": [
          [
            "CSCvu23797"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco StarOS IPv6 Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-08-05T16:00:00",
          "ID": "CVE-2020-3500",
          "STATE": "PUBLIC",
          "TITLE": "Cisco StarOS IPv6 Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.8",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200805 Cisco StarOS IPv6 Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asr5k-ipv6-dos-ce3zhF8m",
          "defect": [
            [
              "CSCvu23797"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3500",
    "datePublished": "2020-08-17T18:00:26.607744Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-13T18:16:15.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1353

Vulnerability from cvelistv5

Published

2021-01-20 20:00

Modified

2024-11-12 20:21

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Summary

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:16.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210120 Cisco StarOS IPv4 Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:05:17.789835Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:21:29.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T20:00:46",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210120 Cisco StarOS IPv4 Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asr-mem-leak-dos-MTWGHKk3",
        "defect": [
          [
            "CSCvq83868",
            "CSCvv69023"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco StarOS IPv4 Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-01-20T16:00:00",
          "ID": "CVE-2021-1353",
          "STATE": "PUBLIC",
          "TITLE": "Cisco StarOS IPv4 Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-401"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210120 Cisco StarOS IPv4 Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr-mem-leak-dos-MTWGHKk3"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asr-mem-leak-dos-MTWGHKk3",
          "defect": [
            [
              "CSCvq83868",
              "CSCvv69023"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1353",
    "datePublished": "2021-01-20T20:00:46.220853Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-12T20:21:29.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0239

Vulnerability from cvelistv5

Published

2018-04-19 20:00

Modified

2024-11-29 15:17

Severity ?

Summary

A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/103923	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040720	vdb-entry, x_refsource_SECTRACK

Impacted products

Vendor

Product

Version

▼

Version: Cisco StarOS

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:13.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros"
          },
          {
            "name": "103923",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103923"
          },
          {
            "name": "1040720",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040720"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0239",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:44:26.771177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:17:20.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS"
            }
          ]
        }
      ],
      "datePublic": "2018-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-20T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros"
        },
        {
          "name": "103923",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103923"
        },
        {
          "name": "1040720",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040720"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros"
            },
            {
              "name": "103923",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103923"
            },
            {
              "name": "1040720",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040720"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0239",
    "datePublished": "2018-04-19T20:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:17:20.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1378

Vulnerability from cvelistv5

Published

2021-02-17 16:55

Modified

2024-11-08 23:41

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210217 Cisco StarOS Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1378",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:04:08.237238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:41:07.900Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-02-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-17T16:55:22",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210217 Cisco StarOS Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj"
        }
      ],
      "source": {
        "advisory": "cisco-sa-StarOS-DoS-RLLvGFJj",
        "defect": [
          [
            "CSCvu59686"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco StarOS Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-02-17T16:00:00",
          "ID": "CVE-2021-1378",
          "STATE": "PUBLIC",
          "TITLE": "Cisco StarOS Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210217 Cisco StarOS Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-StarOS-DoS-RLLvGFJj",
          "defect": [
            [
              "CSCvu59686"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1378",
    "datePublished": "2021-02-17T16:55:22.801805Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-08T23:41:07.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0224

Vulnerability from cvelistv5

Published

2018-03-08 07:00

Modified

2024-12-02 20:56

Severity ?

Summary

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040466	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/103344	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Version: Cisco StarOS

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:14.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1"
          },
          {
            "name": "1040466",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040466"
          },
          {
            "name": "103344",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103344"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0224",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T19:08:49.663006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T20:56:24.506Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS"
            }
          ]
        }
      ],
      "datePublic": "2018-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-10T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1"
        },
        {
          "name": "1040466",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040466"
        },
        {
          "name": "103344",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103344"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0224",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros1"
            },
            {
              "name": "1040466",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040466"
            },
            {
              "name": "103344",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103344"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0224",
    "datePublished": "2018-03-08T07:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-12-02T20:56:24.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1540

Vulnerability from cvelistv5

Published

2021-06-04 16:46

Modified

2024-11-07 22:09

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Summary

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.717Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210602 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:42.298517Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:09:20.180Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-04T16:46:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210602 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asr5k-autho-bypass-mJDF5S7n",
        "defect": [
          [
            "CSCvu85001",
            "CSCvv33622"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-06-02T16:00:00",
          "ID": "CVE-2021-1540",
          "STATE": "PUBLIC",
          "TITLE": "Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210602 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asr5k-autho-bypass-mJDF5S7n",
          "defect": [
            [
              "CSCvu85001",
              "CSCvv33622"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1540",
    "datePublished": "2021-06-04T16:46:02.739386Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:09:20.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3602

Vulnerability from cvelistv5

Published

2020-10-08 04:21

Modified

2024-11-13 17:51

Severity ?

6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

Summary

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-privilege-esc-pyb7YTd	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:55.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20201007 Cisco StarOS Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-privilege-esc-pyb7YTd"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3602",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:22:52.999652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:51:28.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-08T04:21:09",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20201007 Cisco StarOS Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-privilege-esc-pyb7YTd"
        }
      ],
      "source": {
        "advisory": "cisco-sa-staros-privilege-esc-pyb7YTd",
        "defect": [
          [
            "CSCvv34222"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco StarOS Privilege Escalation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-10-07T16:00:00",
          "ID": "CVE-2020-3602",
          "STATE": "PUBLIC",
          "TITLE": "Cisco StarOS Privilege Escalation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.3",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20201007 Cisco StarOS Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-privilege-esc-pyb7YTd"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-staros-privilege-esc-pyb7YTd",
          "defect": [
            [
              "CSCvv34222"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3602",
    "datePublished": "2020-10-08T04:21:09.915700Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-13T17:51:28.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1539

Vulnerability from cvelistv5

Published

2021-06-04 16:45

Modified

2024-11-07 22:09

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Summary

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210602 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:43.467282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:09:26.621Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-04T16:45:58",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210602 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asr5k-autho-bypass-mJDF5S7n",
        "defect": [
          [
            "CSCvu85001",
            "CSCvv33622"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-06-02T16:00:00",
          "ID": "CVE-2021-1539",
          "STATE": "PUBLIC",
          "TITLE": "Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210602 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asr5k-autho-bypass-mJDF5S7n",
          "defect": [
            [
              "CSCvu85001",
              "CSCvv33622"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1539",
    "datePublished": "2021-06-04T16:45:58.314042Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:09:26.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1869

Vulnerability from cvelistv5

Published

2019-06-20 02:55

Modified

2024-11-19 19:05

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/108853	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Version: unspecified < 21.11.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190619 Cisco StarOS Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos"
          },
          {
            "name": "108853",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108853"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T17:24:03.377833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:05:58.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "21.11.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-21T09:06:07",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190619 Cisco StarOS Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos"
        },
        {
          "name": "108853",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108853"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190619-staros-asr-dos",
        "defect": [
          [
            "CSCvn06757"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco StarOS Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-06-19T16:00:00-0700",
          "ID": "CVE-2019-1869",
          "STATE": "PUBLIC",
          "TITLE": "Cisco StarOS Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "21.11.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-824"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190619 Cisco StarOS Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos"
            },
            {
              "name": "108853",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108853"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190619-staros-asr-dos",
          "defect": [
            [
              "CSCvn06757"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1869",
    "datePublished": "2019-06-20T02:55:15.750798Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-19T19:05:58.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0369

Vulnerability from cvelistv5

Published

2018-07-16 17:00

Modified

2024-11-29 14:54

Severity ?

Summary

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/104723	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Cisco StarOS unknown

Version: Cisco StarOS unknown

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104723",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0369",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:43:35.834482Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T14:54:35.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-17T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "104723",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0369",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104723",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104723"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0369",
    "datePublished": "2018-07-16T17:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T14:54:35.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0122

Vulnerability from cvelistv5

Published

2018-02-08 07:00

Modified

2024-12-02 21:23

Severity ?

Summary

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1040340	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/103028	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers

Version: Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040340",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040340"
          },
          {
            "name": "103028",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103028"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T18:55:27.862053Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T21:23:01.542Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers"
            }
          ]
        }
      ],
      "datePublic": "2018-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-16T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1040340",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040340"
        },
        {
          "name": "103028",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103028"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0122",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040340",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040340"
            },
            {
              "name": "103028",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103028"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0122",
    "datePublished": "2018-02-08T07:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-12-02T21:23:01.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0273

Vulnerability from cvelistv5

Published

2018-04-19 20:00

Modified

2024-11-29 15:14

Severity ?

Summary

A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/103935	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040721	vdb-entry, x_refsource_SECTRACK

Impacted products

Vendor

Product

Version

▼

Cisco StarOS IPsec Manager

Version: Cisco StarOS IPsec Manager

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:14.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr"
          },
          {
            "name": "103935",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103935"
          },
          {
            "name": "1040721",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040721"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0273",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:44:16.637094Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:14:24.897Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS IPsec Manager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS IPsec Manager"
            }
          ]
        }
      ],
      "datePublic": "2018-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-21T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr"
        },
        {
          "name": "103935",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103935"
        },
        {
          "name": "1040721",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040721"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS IPsec Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS IPsec Manager"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr"
            },
            {
              "name": "103935",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103935"
            },
            {
              "name": "1040721",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040721"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0273",
    "datePublished": "2018-04-19T20:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:14:24.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0149

Vulnerability from cvelistv5

Published

2013-08-03 01:00

Modified

2024-08-06 14:18

Severity ?

Summary

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf	vendor-advisory, x_refsource_CISCO
	http://www.kb.cert.org/vuls/id/229804	third-party-advisory, x_refsource_CERT-VN

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130801 OSPF LSA Manipulation Vulnerability in Multiple Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf"
          },
          {
            "name": "VU#229804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/229804"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-13T09:00:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "20130801 OSPF LSA Manipulation Vulnerability in Multiple Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf"
        },
        {
          "name": "VU#229804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/229804"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-0149",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130801 OSPF LSA Manipulation Vulnerability in Multiple Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf"
            },
            {
              "name": "VU#229804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/229804"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2013-0149",
    "datePublished": "2013-08-03T01:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3601

Vulnerability from cvelistv5

Published

2020-10-08 04:21

Modified

2024-11-13 17:51

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Summary

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-priv-esc-gGCUMFxv	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:55.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20201007 Cisco StarOS Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-priv-esc-gGCUMFxv"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:22:54.399305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:51:37.027Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco ASR 5000 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-08T04:21:05",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20201007 Cisco StarOS Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-priv-esc-gGCUMFxv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-staros-priv-esc-gGCUMFxv",
        "defect": [
          [
            "CSCvv34214"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco StarOS Privilege Escalation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-10-07T16:00:00",
          "ID": "CVE-2020-3601",
          "STATE": "PUBLIC",
          "TITLE": "Cisco StarOS Privilege Escalation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco ASR 5000 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.4",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20201007 Cisco StarOS Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-priv-esc-gGCUMFxv"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-staros-priv-esc-gGCUMFxv",
          "defect": [
            [
              "CSCvv34214"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3601",
    "datePublished": "2020-10-08T04:21:05.487432Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-13T17:51:37.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3244

Vulnerability from cvelistv5

Published

2020-06-18 02:21

Modified

2024-11-15 16:59

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website