Action not permitted
Modal body text goes here.
Modal Title
Modal Body
BDU:2023-02354
Vulnerability from fstec - Published: 19.04.2023
VLAI Severity ?
Title
Уязвимость в функции SSH-аутентификации на основе ключей программного обеспечения Cisco StarOS, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость в функции SSH-аутентификации на основе ключей программного обеспечения Cisco StarOS возникает из-за недостаточной проверки предоставленных пользователем учетных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить привилегии на уязвимом устройстве
Severity ?
Vendor
Cisco Systems Inc.
Software Name
StarOS, ASR 5000, Virtualized Packet Core
Software Version
от 21.22.0 - 21.28.m включительно (StarOS), - (ASR 5000), - Distributed Instance (VPC-DI) (Virtualized Packet Core), - Single Instance (VPC-SI) (Virtualized Packet Core)
Possible Mitigations
Использование рекомендаций:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h
Reference
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h
CWE
CWE-255
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 21.22.0 - 21.28.m \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (StarOS), - (ASR 5000), - Distributed Instance (VPC-DI) (Virtualized Packet Core), - Single Instance (VPC-SI) (Virtualized Packet Core)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.04.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.05.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.05.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-02354",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-20046",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "StarOS, ASR 5000, Virtualized Packet Core",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 SSH-\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043a\u043b\u044e\u0447\u0435\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Cisco StarOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 (CWE-255)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 SSH-\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043a\u043b\u044e\u0447\u0435\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Cisco StarOS \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-255",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CVE-2023-20046 (GCVE-0-2023-20046)
Vulnerability from cvelistv5 – Published: 2023-05-09 13:06 – Updated: 2024-08-02 08:57
VLAI?
EPSS
Summary
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.
There are workarounds that address this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-289 - Authentication Bypass by Alternate Name
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco ASR 5000 Series Software |
Affected:
21.11.0
Affected: 21.11.1 Affected: 21.11.2 Affected: 21.11.3 Affected: 21.11.10 Affected: 21.11.11 Affected: 21.11.12 Affected: 21.11.13 Affected: 21.11.14 Affected: 21.11.4 Affected: 21.11.5 Affected: 21.11.6 Affected: 21.11.7 Affected: 21.11.8 Affected: 21.11.9 Affected: 21.11.15 Affected: 21.11.16 Affected: 21.11.17 Affected: 21.11.18 Affected: 21.11.19 Affected: 21.11.20 Affected: 21.11.21 Affected: 21.12.0 Affected: 21.12.1 Affected: 21.12.2 Affected: 21.12.3 Affected: 21.12.4 Affected: 21.12.5 Affected: 21.12.6 Affected: 21.12.10 Affected: 21.12.11 Affected: 21.12.12 Affected: 21.12.13 Affected: 21.12.14 Affected: 21.12.16 Affected: 21.12.17 Affected: 21.12.18 Affected: 21.12.7 Affected: 21.12.8 Affected: 21.12.9 Affected: 21.12.19 Affected: 21.12.20 Affected: 21.12.21 Affected: 21.12.22 Affected: 21.12.15 Affected: 21.13.0 Affected: 21.13.1 Affected: 21.13.2 Affected: 21.13.3 Affected: 21.13.4 Affected: 21.13.10 Affected: 21.13.11 Affected: 21.13.12 Affected: 21.13.13 Affected: 21.13.14 Affected: 21.13.15 Affected: 21.13.16 Affected: 21.13.17 Affected: 21.13.18 Affected: 21.13.19 Affected: 21.13.20 Affected: 21.13.5 Affected: 21.13.6 Affected: 21.13.7 Affected: 21.13.8 Affected: 21.13.9 Affected: 21.13.21 Affected: 21.14.0 Affected: 21.14.1 Affected: 21.14.10 Affected: 21.14.11 Affected: 21.14.12 Affected: 21.14.16 Affected: 21.14.17 Affected: 21.14.19 Affected: 21.14.2 Affected: 21.14.20 Affected: 21.14.3 Affected: 21.14.4 Affected: 21.14.5 Affected: 21.14.6 Affected: 21.14.7 Affected: 21.14.8 Affected: 21.14.9 Affected: 21.14.b12 Affected: 21.14.b13 Affected: 21.14.b14 Affected: 21.14.b15 Affected: 21.14.b17 Affected: 21.14.b18 Affected: 21.14.b19 Affected: 21.14.b20 Affected: 21.14.b21 Affected: 21.14.22 Affected: 21.14.b22 Affected: 21.14.23 Affected: 21.15.0 Affected: 21.15.1 Affected: 21.15.10 Affected: 21.15.11 Affected: 21.15.12 Affected: 21.15.13 Affected: 21.15.14 Affected: 21.15.15 Affected: 21.15.16 Affected: 21.15.17 Affected: 21.15.18 Affected: 21.15.19 Affected: 21.15.2 Affected: 21.15.20 Affected: 21.15.21 Affected: 21.15.22 Affected: 21.15.24 Affected: 21.15.25 Affected: 21.15.26 Affected: 21.15.27 Affected: 21.15.28 Affected: 21.15.29 Affected: 21.15.3 Affected: 21.15.30 Affected: 21.15.32 Affected: 21.15.33 Affected: 21.15.36 Affected: 21.15.37 Affected: 21.15.39 Affected: 21.15.4 Affected: 21.15.40 Affected: 21.15.41 Affected: 21.15.5 Affected: 21.15.6 Affected: 21.15.7 Affected: 21.15.8 Affected: 21.15.43 Affected: 21.15.45 Affected: 21.15.46 Affected: 21.15.47 Affected: 21.15.48 Affected: 21.15.51 Affected: 21.15.52 Affected: 21.15.53 Affected: 21.15.54 Affected: 21.15.55 Affected: 21.15.57 Affected: 21.15.58 Affected: 21.15.59 Affected: 21.15.60 Affected: 21.16.2 Affected: 21.16.3 Affected: 21.16.4 Affected: 21.16.5 Affected: 21.16.c10 Affected: 21.16.c11 Affected: 21.16.c12 Affected: 21.16.c13 Affected: 21.16.c9 Affected: 21.16.d0 Affected: 21.16.d1 Affected: 21.16.6 Affected: 21.16.c14 Affected: 21.16.7 Affected: 21.16.c15 Affected: 21.16.8 Affected: 21.16.c16 Affected: 21.16.10 Affected: 21.16.9 Affected: 21.16.c17 Affected: 21.16.c18 Affected: 21.16.c19 Affected: 21.17.0 Affected: 21.17.1 Affected: 21.17.2 Affected: 21.17.3 Affected: 21.17.4 Affected: 21.17.5 Affected: 21.17.6 Affected: 21.17.7 Affected: 21.17.8 Affected: 21.17.10 Affected: 21.17.11 Affected: 21.17.9 Affected: 21.17.12 Affected: 21.17.13 Affected: 21.17.14 Affected: 21.17.15 Affected: 21.17.16 Affected: 21.17.17 Affected: 21.17.18 Affected: 21.17.19 Affected: 21.18.0 Affected: 21.18.1 Affected: 21.18.2 Affected: 21.18.3 Affected: 21.18.4 Affected: 21.18.5 Affected: 21.18.11 Affected: 21.18.6 Affected: 21.18.7 Affected: 21.18.8 Affected: 21.18.9 Affected: 21.18.12 Affected: 21.18.13 Affected: 21.18.14 Affected: 21.18.15 Affected: 21.18.16 Affected: 21.18.17 Affected: 21.18.18 Affected: 21.18.19 Affected: 21.18.20 Affected: 21.18.21 Affected: 21.18.22 Affected: 21.18.23 Affected: 21.18.24 Affected: 21.18.25 Affected: 21.18.26 Affected: 21.19.0 Affected: 21.19.1 Affected: 21.19.2 Affected: 21.19.3 Affected: 21.19.n2 Affected: 21.19.4 Affected: 21.19.5 Affected: 21.19.n3 Affected: 21.19.n4 Affected: 21.19.6 Affected: 21.19.7 Affected: 21.19.8 Affected: 21.19.n5 Affected: 21.19.10 Affected: 21.19.9 Affected: 21.19.n6 Affected: 21.19.n7 Affected: 21.19.n8 Affected: 21.19.11 Affected: 21.19.n10 Affected: 21.19.n11 Affected: 21.19.n12 Affected: 21.19.n13 Affected: 21.19.n14 Affected: 21.19.n15 Affected: 21.19.n16 Affected: 21.19.n9 Affected: 21.19.n17 Affected: 21.19.n18 Affected: 21.20.0 Affected: 21.20.1 Affected: 21.20.SV1 Affected: 21.20.SV3 Affected: 21.20.SV5 Affected: 21.20.2 Affected: 21.20.3 Affected: 21.20.4 Affected: 21.20.5 Affected: 21.20.6 Affected: 21.20.7 Affected: 21.20.8 Affected: 21.20.9 Affected: 21.20.k6 Affected: 21.20.10 Affected: 21.20.11 Affected: 21.20.k7 Affected: 21.20.u8 Affected: 21.20.12 Affected: 21.20.13 Affected: 21.20.14 Affected: 21.20.k8 Affected: 21.20.p9 Affected: 21.20.15 Affected: 21.20.16 Affected: 21.20.17 Affected: 21.20.18 Affected: 21.20.19 Affected: 21.20.20 Affected: 21.20.21 Affected: 21.20.22 Affected: 21.20.23 Affected: 21.20.24 Affected: 21.20.25 Affected: 21.20.26 Affected: 21.20.28 Affected: 21.20.29 Affected: 21.20.30 Affected: 21.20.c22 Affected: 21.20.31 Affected: 21.20.32 Affected: 21.20.33 Affected: 21.20.34 Affected: 21.20.35 Affected: 21.20.27 Affected: 21.20.SV2 Affected: 21.21.0 Affected: 21.21.1 Affected: 21.21.2 Affected: 21.21.3 Affected: 21.21.KS2 Affected: 21.22.0 Affected: 21.22.n2 Affected: 21.22.n3 Affected: 21.22.3 Affected: 21.22.4 Affected: 21.22.5 Affected: 21.22.uj3 Affected: 21.22.11 Affected: 21.22.6 Affected: 21.22.7 Affected: 21.22.8 Affected: 21.22.n4 Affected: 21.22.n5 Affected: 21.22.ua0 Affected: 21.22.ua2 Affected: 21.22.ua3 Affected: 21.22.ua5 Affected: 21.22.12 Affected: 21.22.13 Affected: 21.22.n10 Affected: 21.22.n11 Affected: 21.22.n12 Affected: 21.22.n6 Affected: 21.22.n7 Affected: 21.22.n8 Affected: 21.22.n9 Affected: 21.22.n13 Affected: 21.23.0 Affected: 21.23.1 Affected: 21.23.10 Affected: 21.23.11 Affected: 21.23.12 Affected: 21.23.13 Affected: 21.23.14 Affected: 21.23.15 Affected: 21.23.16 Affected: 21.23.17 Affected: 21.23.2 Affected: 21.23.3 Affected: 21.23.4 Affected: 21.23.5 Affected: 21.23.6 Affected: 21.23.7 Affected: 21.23.8 Affected: 21.23.9 Affected: 21.23.b2 Affected: 21.23.b3 Affected: 21.23.c16 Affected: 21.23.c17 Affected: 21.23.n6 Affected: 21.23.n7 Affected: 21.23.n9 Affected: 21.23.18 Affected: 21.23.19 Affected: 21.23.21 Affected: 21.23.22 Affected: 21.23.23 Affected: 21.23.24 Affected: 21.23.25 Affected: 21.23.26 Affected: 21.23.27 Affected: 21.23.29 Affected: 21.23.30 Affected: 21.23.c18 Affected: 21.23.n10 Affected: 21.23.n11 Affected: 21.23.n8 Affected: 21.23.yn14 Affected: 21.24.0 Affected: 21.24.1 Affected: 21.24.2 Affected: 21.24.3 Affected: 21.25.0 Affected: 21.25.3 Affected: 21.25.4 Affected: 21.25.5 Affected: 21.25.10 Affected: 21.25.11 Affected: 21.25.12 Affected: 21.25.13 Affected: 21.25.14 Affected: 21.25.6 Affected: 21.25.7 Affected: 21.25.8 Affected: 21.25.9 Affected: 21.26.0 Affected: 21.26.1 Affected: 21.26.10 Affected: 21.26.13 Affected: 21.26.14 Affected: 21.26.15 Affected: 21.26.3 Affected: 21.26.5 Affected: 21.26.6 Affected: 21.26.7 Affected: 21.26.17 Affected: 21.27.0 Affected: 21.27.1 Affected: 21.27.2 Affected: 21.27.3 Affected: 21.27.4 Affected: 21.27.5 Affected: 21.27.m0 Affected: 21.28.0 Affected: 21.28.1 Affected: 21.28.2 Affected: 21.28.m0 Affected: 21.28.m1 Affected: 21.28.m2 Affected: 21.28.m3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco ASR 5000 Series Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "21.11.0"
},
{
"status": "affected",
"version": "21.11.1"
},
{
"status": "affected",
"version": "21.11.2"
},
{
"status": "affected",
"version": "21.11.3"
},
{
"status": "affected",
"version": "21.11.10"
},
{
"status": "affected",
"version": "21.11.11"
},
{
"status": "affected",
"version": "21.11.12"
},
{
"status": "affected",
"version": "21.11.13"
},
{
"status": "affected",
"version": "21.11.14"
},
{
"status": "affected",
"version": "21.11.4"
},
{
"status": "affected",
"version": "21.11.5"
},
{
"status": "affected",
"version": "21.11.6"
},
{
"status": "affected",
"version": "21.11.7"
},
{
"status": "affected",
"version": "21.11.8"
},
{
"status": "affected",
"version": "21.11.9"
},
{
"status": "affected",
"version": "21.11.15"
},
{
"status": "affected",
"version": "21.11.16"
},
{
"status": "affected",
"version": "21.11.17"
},
{
"status": "affected",
"version": "21.11.18"
},
{
"status": "affected",
"version": "21.11.19"
},
{
"status": "affected",
"version": "21.11.20"
},
{
"status": "affected",
"version": "21.11.21"
},
{
"status": "affected",
"version": "21.12.0"
},
{
"status": "affected",
"version": "21.12.1"
},
{
"status": "affected",
"version": "21.12.2"
},
{
"status": "affected",
"version": "21.12.3"
},
{
"status": "affected",
"version": "21.12.4"
},
{
"status": "affected",
"version": "21.12.5"
},
{
"status": "affected",
"version": "21.12.6"
},
{
"status": "affected",
"version": "21.12.10"
},
{
"status": "affected",
"version": "21.12.11"
},
{
"status": "affected",
"version": "21.12.12"
},
{
"status": "affected",
"version": "21.12.13"
},
{
"status": "affected",
"version": "21.12.14"
},
{
"status": "affected",
"version": "21.12.16"
},
{
"status": "affected",
"version": "21.12.17"
},
{
"status": "affected",
"version": "21.12.18"
},
{
"status": "affected",
"version": "21.12.7"
},
{
"status": "affected",
"version": "21.12.8"
},
{
"status": "affected",
"version": "21.12.9"
},
{
"status": "affected",
"version": "21.12.19"
},
{
"status": "affected",
"version": "21.12.20"
},
{
"status": "affected",
"version": "21.12.21"
},
{
"status": "affected",
"version": "21.12.22"
},
{
"status": "affected",
"version": "21.12.15"
},
{
"status": "affected",
"version": "21.13.0"
},
{
"status": "affected",
"version": "21.13.1"
},
{
"status": "affected",
"version": "21.13.2"
},
{
"status": "affected",
"version": "21.13.3"
},
{
"status": "affected",
"version": "21.13.4"
},
{
"status": "affected",
"version": "21.13.10"
},
{
"status": "affected",
"version": "21.13.11"
},
{
"status": "affected",
"version": "21.13.12"
},
{
"status": "affected",
"version": "21.13.13"
},
{
"status": "affected",
"version": "21.13.14"
},
{
"status": "affected",
"version": "21.13.15"
},
{
"status": "affected",
"version": "21.13.16"
},
{
"status": "affected",
"version": "21.13.17"
},
{
"status": "affected",
"version": "21.13.18"
},
{
"status": "affected",
"version": "21.13.19"
},
{
"status": "affected",
"version": "21.13.20"
},
{
"status": "affected",
"version": "21.13.5"
},
{
"status": "affected",
"version": "21.13.6"
},
{
"status": "affected",
"version": "21.13.7"
},
{
"status": "affected",
"version": "21.13.8"
},
{
"status": "affected",
"version": "21.13.9"
},
{
"status": "affected",
"version": "21.13.21"
},
{
"status": "affected",
"version": "21.14.0"
},
{
"status": "affected",
"version": "21.14.1"
},
{
"status": "affected",
"version": "21.14.10"
},
{
"status": "affected",
"version": "21.14.11"
},
{
"status": "affected",
"version": "21.14.12"
},
{
"status": "affected",
"version": "21.14.16"
},
{
"status": "affected",
"version": "21.14.17"
},
{
"status": "affected",
"version": "21.14.19"
},
{
"status": "affected",
"version": "21.14.2"
},
{
"status": "affected",
"version": "21.14.20"
},
{
"status": "affected",
"version": "21.14.3"
},
{
"status": "affected",
"version": "21.14.4"
},
{
"status": "affected",
"version": "21.14.5"
},
{
"status": "affected",
"version": "21.14.6"
},
{
"status": "affected",
"version": "21.14.7"
},
{
"status": "affected",
"version": "21.14.8"
},
{
"status": "affected",
"version": "21.14.9"
},
{
"status": "affected",
"version": "21.14.b12"
},
{
"status": "affected",
"version": "21.14.b13"
},
{
"status": "affected",
"version": "21.14.b14"
},
{
"status": "affected",
"version": "21.14.b15"
},
{
"status": "affected",
"version": "21.14.b17"
},
{
"status": "affected",
"version": "21.14.b18"
},
{
"status": "affected",
"version": "21.14.b19"
},
{
"status": "affected",
"version": "21.14.b20"
},
{
"status": "affected",
"version": "21.14.b21"
},
{
"status": "affected",
"version": "21.14.22"
},
{
"status": "affected",
"version": "21.14.b22"
},
{
"status": "affected",
"version": "21.14.23"
},
{
"status": "affected",
"version": "21.15.0"
},
{
"status": "affected",
"version": "21.15.1"
},
{
"status": "affected",
"version": "21.15.10"
},
{
"status": "affected",
"version": "21.15.11"
},
{
"status": "affected",
"version": "21.15.12"
},
{
"status": "affected",
"version": "21.15.13"
},
{
"status": "affected",
"version": "21.15.14"
},
{
"status": "affected",
"version": "21.15.15"
},
{
"status": "affected",
"version": "21.15.16"
},
{
"status": "affected",
"version": "21.15.17"
},
{
"status": "affected",
"version": "21.15.18"
},
{
"status": "affected",
"version": "21.15.19"
},
{
"status": "affected",
"version": "21.15.2"
},
{
"status": "affected",
"version": "21.15.20"
},
{
"status": "affected",
"version": "21.15.21"
},
{
"status": "affected",
"version": "21.15.22"
},
{
"status": "affected",
"version": "21.15.24"
},
{
"status": "affected",
"version": "21.15.25"
},
{
"status": "affected",
"version": "21.15.26"
},
{
"status": "affected",
"version": "21.15.27"
},
{
"status": "affected",
"version": "21.15.28"
},
{
"status": "affected",
"version": "21.15.29"
},
{
"status": "affected",
"version": "21.15.3"
},
{
"status": "affected",
"version": "21.15.30"
},
{
"status": "affected",
"version": "21.15.32"
},
{
"status": "affected",
"version": "21.15.33"
},
{
"status": "affected",
"version": "21.15.36"
},
{
"status": "affected",
"version": "21.15.37"
},
{
"status": "affected",
"version": "21.15.39"
},
{
"status": "affected",
"version": "21.15.4"
},
{
"status": "affected",
"version": "21.15.40"
},
{
"status": "affected",
"version": "21.15.41"
},
{
"status": "affected",
"version": "21.15.5"
},
{
"status": "affected",
"version": "21.15.6"
},
{
"status": "affected",
"version": "21.15.7"
},
{
"status": "affected",
"version": "21.15.8"
},
{
"status": "affected",
"version": "21.15.43"
},
{
"status": "affected",
"version": "21.15.45"
},
{
"status": "affected",
"version": "21.15.46"
},
{
"status": "affected",
"version": "21.15.47"
},
{
"status": "affected",
"version": "21.15.48"
},
{
"status": "affected",
"version": "21.15.51"
},
{
"status": "affected",
"version": "21.15.52"
},
{
"status": "affected",
"version": "21.15.53"
},
{
"status": "affected",
"version": "21.15.54"
},
{
"status": "affected",
"version": "21.15.55"
},
{
"status": "affected",
"version": "21.15.57"
},
{
"status": "affected",
"version": "21.15.58"
},
{
"status": "affected",
"version": "21.15.59"
},
{
"status": "affected",
"version": "21.15.60"
},
{
"status": "affected",
"version": "21.16.2"
},
{
"status": "affected",
"version": "21.16.3"
},
{
"status": "affected",
"version": "21.16.4"
},
{
"status": "affected",
"version": "21.16.5"
},
{
"status": "affected",
"version": "21.16.c10"
},
{
"status": "affected",
"version": "21.16.c11"
},
{
"status": "affected",
"version": "21.16.c12"
},
{
"status": "affected",
"version": "21.16.c13"
},
{
"status": "affected",
"version": "21.16.c9"
},
{
"status": "affected",
"version": "21.16.d0"
},
{
"status": "affected",
"version": "21.16.d1"
},
{
"status": "affected",
"version": "21.16.6"
},
{
"status": "affected",
"version": "21.16.c14"
},
{
"status": "affected",
"version": "21.16.7"
},
{
"status": "affected",
"version": "21.16.c15"
},
{
"status": "affected",
"version": "21.16.8"
},
{
"status": "affected",
"version": "21.16.c16"
},
{
"status": "affected",
"version": "21.16.10"
},
{
"status": "affected",
"version": "21.16.9"
},
{
"status": "affected",
"version": "21.16.c17"
},
{
"status": "affected",
"version": "21.16.c18"
},
{
"status": "affected",
"version": "21.16.c19"
},
{
"status": "affected",
"version": "21.17.0"
},
{
"status": "affected",
"version": "21.17.1"
},
{
"status": "affected",
"version": "21.17.2"
},
{
"status": "affected",
"version": "21.17.3"
},
{
"status": "affected",
"version": "21.17.4"
},
{
"status": "affected",
"version": "21.17.5"
},
{
"status": "affected",
"version": "21.17.6"
},
{
"status": "affected",
"version": "21.17.7"
},
{
"status": "affected",
"version": "21.17.8"
},
{
"status": "affected",
"version": "21.17.10"
},
{
"status": "affected",
"version": "21.17.11"
},
{
"status": "affected",
"version": "21.17.9"
},
{
"status": "affected",
"version": "21.17.12"
},
{
"status": "affected",
"version": "21.17.13"
},
{
"status": "affected",
"version": "21.17.14"
},
{
"status": "affected",
"version": "21.17.15"
},
{
"status": "affected",
"version": "21.17.16"
},
{
"status": "affected",
"version": "21.17.17"
},
{
"status": "affected",
"version": "21.17.18"
},
{
"status": "affected",
"version": "21.17.19"
},
{
"status": "affected",
"version": "21.18.0"
},
{
"status": "affected",
"version": "21.18.1"
},
{
"status": "affected",
"version": "21.18.2"
},
{
"status": "affected",
"version": "21.18.3"
},
{
"status": "affected",
"version": "21.18.4"
},
{
"status": "affected",
"version": "21.18.5"
},
{
"status": "affected",
"version": "21.18.11"
},
{
"status": "affected",
"version": "21.18.6"
},
{
"status": "affected",
"version": "21.18.7"
},
{
"status": "affected",
"version": "21.18.8"
},
{
"status": "affected",
"version": "21.18.9"
},
{
"status": "affected",
"version": "21.18.12"
},
{
"status": "affected",
"version": "21.18.13"
},
{
"status": "affected",
"version": "21.18.14"
},
{
"status": "affected",
"version": "21.18.15"
},
{
"status": "affected",
"version": "21.18.16"
},
{
"status": "affected",
"version": "21.18.17"
},
{
"status": "affected",
"version": "21.18.18"
},
{
"status": "affected",
"version": "21.18.19"
},
{
"status": "affected",
"version": "21.18.20"
},
{
"status": "affected",
"version": "21.18.21"
},
{
"status": "affected",
"version": "21.18.22"
},
{
"status": "affected",
"version": "21.18.23"
},
{
"status": "affected",
"version": "21.18.24"
},
{
"status": "affected",
"version": "21.18.25"
},
{
"status": "affected",
"version": "21.18.26"
},
{
"status": "affected",
"version": "21.19.0"
},
{
"status": "affected",
"version": "21.19.1"
},
{
"status": "affected",
"version": "21.19.2"
},
{
"status": "affected",
"version": "21.19.3"
},
{
"status": "affected",
"version": "21.19.n2"
},
{
"status": "affected",
"version": "21.19.4"
},
{
"status": "affected",
"version": "21.19.5"
},
{
"status": "affected",
"version": "21.19.n3"
},
{
"status": "affected",
"version": "21.19.n4"
},
{
"status": "affected",
"version": "21.19.6"
},
{
"status": "affected",
"version": "21.19.7"
},
{
"status": "affected",
"version": "21.19.8"
},
{
"status": "affected",
"version": "21.19.n5"
},
{
"status": "affected",
"version": "21.19.10"
},
{
"status": "affected",
"version": "21.19.9"
},
{
"status": "affected",
"version": "21.19.n6"
},
{
"status": "affected",
"version": "21.19.n7"
},
{
"status": "affected",
"version": "21.19.n8"
},
{
"status": "affected",
"version": "21.19.11"
},
{
"status": "affected",
"version": "21.19.n10"
},
{
"status": "affected",
"version": "21.19.n11"
},
{
"status": "affected",
"version": "21.19.n12"
},
{
"status": "affected",
"version": "21.19.n13"
},
{
"status": "affected",
"version": "21.19.n14"
},
{
"status": "affected",
"version": "21.19.n15"
},
{
"status": "affected",
"version": "21.19.n16"
},
{
"status": "affected",
"version": "21.19.n9"
},
{
"status": "affected",
"version": "21.19.n17"
},
{
"status": "affected",
"version": "21.19.n18"
},
{
"status": "affected",
"version": "21.20.0"
},
{
"status": "affected",
"version": "21.20.1"
},
{
"status": "affected",
"version": "21.20.SV1"
},
{
"status": "affected",
"version": "21.20.SV3"
},
{
"status": "affected",
"version": "21.20.SV5"
},
{
"status": "affected",
"version": "21.20.2"
},
{
"status": "affected",
"version": "21.20.3"
},
{
"status": "affected",
"version": "21.20.4"
},
{
"status": "affected",
"version": "21.20.5"
},
{
"status": "affected",
"version": "21.20.6"
},
{
"status": "affected",
"version": "21.20.7"
},
{
"status": "affected",
"version": "21.20.8"
},
{
"status": "affected",
"version": "21.20.9"
},
{
"status": "affected",
"version": "21.20.k6"
},
{
"status": "affected",
"version": "21.20.10"
},
{
"status": "affected",
"version": "21.20.11"
},
{
"status": "affected",
"version": "21.20.k7"
},
{
"status": "affected",
"version": "21.20.u8"
},
{
"status": "affected",
"version": "21.20.12"
},
{
"status": "affected",
"version": "21.20.13"
},
{
"status": "affected",
"version": "21.20.14"
},
{
"status": "affected",
"version": "21.20.k8"
},
{
"status": "affected",
"version": "21.20.p9"
},
{
"status": "affected",
"version": "21.20.15"
},
{
"status": "affected",
"version": "21.20.16"
},
{
"status": "affected",
"version": "21.20.17"
},
{
"status": "affected",
"version": "21.20.18"
},
{
"status": "affected",
"version": "21.20.19"
},
{
"status": "affected",
"version": "21.20.20"
},
{
"status": "affected",
"version": "21.20.21"
},
{
"status": "affected",
"version": "21.20.22"
},
{
"status": "affected",
"version": "21.20.23"
},
{
"status": "affected",
"version": "21.20.24"
},
{
"status": "affected",
"version": "21.20.25"
},
{
"status": "affected",
"version": "21.20.26"
},
{
"status": "affected",
"version": "21.20.28"
},
{
"status": "affected",
"version": "21.20.29"
},
{
"status": "affected",
"version": "21.20.30"
},
{
"status": "affected",
"version": "21.20.c22"
},
{
"status": "affected",
"version": "21.20.31"
},
{
"status": "affected",
"version": "21.20.32"
},
{
"status": "affected",
"version": "21.20.33"
},
{
"status": "affected",
"version": "21.20.34"
},
{
"status": "affected",
"version": "21.20.35"
},
{
"status": "affected",
"version": "21.20.27"
},
{
"status": "affected",
"version": "21.20.SV2"
},
{
"status": "affected",
"version": "21.21.0"
},
{
"status": "affected",
"version": "21.21.1"
},
{
"status": "affected",
"version": "21.21.2"
},
{
"status": "affected",
"version": "21.21.3"
},
{
"status": "affected",
"version": "21.21.KS2"
},
{
"status": "affected",
"version": "21.22.0"
},
{
"status": "affected",
"version": "21.22.n2"
},
{
"status": "affected",
"version": "21.22.n3"
},
{
"status": "affected",
"version": "21.22.3"
},
{
"status": "affected",
"version": "21.22.4"
},
{
"status": "affected",
"version": "21.22.5"
},
{
"status": "affected",
"version": "21.22.uj3"
},
{
"status": "affected",
"version": "21.22.11"
},
{
"status": "affected",
"version": "21.22.6"
},
{
"status": "affected",
"version": "21.22.7"
},
{
"status": "affected",
"version": "21.22.8"
},
{
"status": "affected",
"version": "21.22.n4"
},
{
"status": "affected",
"version": "21.22.n5"
},
{
"status": "affected",
"version": "21.22.ua0"
},
{
"status": "affected",
"version": "21.22.ua2"
},
{
"status": "affected",
"version": "21.22.ua3"
},
{
"status": "affected",
"version": "21.22.ua5"
},
{
"status": "affected",
"version": "21.22.12"
},
{
"status": "affected",
"version": "21.22.13"
},
{
"status": "affected",
"version": "21.22.n10"
},
{
"status": "affected",
"version": "21.22.n11"
},
{
"status": "affected",
"version": "21.22.n12"
},
{
"status": "affected",
"version": "21.22.n6"
},
{
"status": "affected",
"version": "21.22.n7"
},
{
"status": "affected",
"version": "21.22.n8"
},
{
"status": "affected",
"version": "21.22.n9"
},
{
"status": "affected",
"version": "21.22.n13"
},
{
"status": "affected",
"version": "21.23.0"
},
{
"status": "affected",
"version": "21.23.1"
},
{
"status": "affected",
"version": "21.23.10"
},
{
"status": "affected",
"version": "21.23.11"
},
{
"status": "affected",
"version": "21.23.12"
},
{
"status": "affected",
"version": "21.23.13"
},
{
"status": "affected",
"version": "21.23.14"
},
{
"status": "affected",
"version": "21.23.15"
},
{
"status": "affected",
"version": "21.23.16"
},
{
"status": "affected",
"version": "21.23.17"
},
{
"status": "affected",
"version": "21.23.2"
},
{
"status": "affected",
"version": "21.23.3"
},
{
"status": "affected",
"version": "21.23.4"
},
{
"status": "affected",
"version": "21.23.5"
},
{
"status": "affected",
"version": "21.23.6"
},
{
"status": "affected",
"version": "21.23.7"
},
{
"status": "affected",
"version": "21.23.8"
},
{
"status": "affected",
"version": "21.23.9"
},
{
"status": "affected",
"version": "21.23.b2"
},
{
"status": "affected",
"version": "21.23.b3"
},
{
"status": "affected",
"version": "21.23.c16"
},
{
"status": "affected",
"version": "21.23.c17"
},
{
"status": "affected",
"version": "21.23.n6"
},
{
"status": "affected",
"version": "21.23.n7"
},
{
"status": "affected",
"version": "21.23.n9"
},
{
"status": "affected",
"version": "21.23.18"
},
{
"status": "affected",
"version": "21.23.19"
},
{
"status": "affected",
"version": "21.23.21"
},
{
"status": "affected",
"version": "21.23.22"
},
{
"status": "affected",
"version": "21.23.23"
},
{
"status": "affected",
"version": "21.23.24"
},
{
"status": "affected",
"version": "21.23.25"
},
{
"status": "affected",
"version": "21.23.26"
},
{
"status": "affected",
"version": "21.23.27"
},
{
"status": "affected",
"version": "21.23.29"
},
{
"status": "affected",
"version": "21.23.30"
},
{
"status": "affected",
"version": "21.23.c18"
},
{
"status": "affected",
"version": "21.23.n10"
},
{
"status": "affected",
"version": "21.23.n11"
},
{
"status": "affected",
"version": "21.23.n8"
},
{
"status": "affected",
"version": "21.23.yn14"
},
{
"status": "affected",
"version": "21.24.0"
},
{
"status": "affected",
"version": "21.24.1"
},
{
"status": "affected",
"version": "21.24.2"
},
{
"status": "affected",
"version": "21.24.3"
},
{
"status": "affected",
"version": "21.25.0"
},
{
"status": "affected",
"version": "21.25.3"
},
{
"status": "affected",
"version": "21.25.4"
},
{
"status": "affected",
"version": "21.25.5"
},
{
"status": "affected",
"version": "21.25.10"
},
{
"status": "affected",
"version": "21.25.11"
},
{
"status": "affected",
"version": "21.25.12"
},
{
"status": "affected",
"version": "21.25.13"
},
{
"status": "affected",
"version": "21.25.14"
},
{
"status": "affected",
"version": "21.25.6"
},
{
"status": "affected",
"version": "21.25.7"
},
{
"status": "affected",
"version": "21.25.8"
},
{
"status": "affected",
"version": "21.25.9"
},
{
"status": "affected",
"version": "21.26.0"
},
{
"status": "affected",
"version": "21.26.1"
},
{
"status": "affected",
"version": "21.26.10"
},
{
"status": "affected",
"version": "21.26.13"
},
{
"status": "affected",
"version": "21.26.14"
},
{
"status": "affected",
"version": "21.26.15"
},
{
"status": "affected",
"version": "21.26.3"
},
{
"status": "affected",
"version": "21.26.5"
},
{
"status": "affected",
"version": "21.26.6"
},
{
"status": "affected",
"version": "21.26.7"
},
{
"status": "affected",
"version": "21.26.17"
},
{
"status": "affected",
"version": "21.27.0"
},
{
"status": "affected",
"version": "21.27.1"
},
{
"status": "affected",
"version": "21.27.2"
},
{
"status": "affected",
"version": "21.27.3"
},
{
"status": "affected",
"version": "21.27.4"
},
{
"status": "affected",
"version": "21.27.5"
},
{
"status": "affected",
"version": "21.27.m0"
},
{
"status": "affected",
"version": "21.28.0"
},
{
"status": "affected",
"version": "21.28.1"
},
{
"status": "affected",
"version": "21.28.2"
},
{
"status": "affected",
"version": "21.28.m0"
},
{
"status": "affected",
"version": "21.28.m1"
},
{
"status": "affected",
"version": "21.28.m2"
},
{
"status": "affected",
"version": "21.28.m3"
}
]
},
{
"product": "Cisco Ultra Cloud Core - User Plane Function",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-289",
"description": "Authentication Bypass by Alternate Name",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:38.039Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
}
],
"source": {
"advisory": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
"defects": [
"CSCwd89468"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20046",
"datePublished": "2023-05-09T13:06:10.748Z",
"dateReserved": "2022-10-27T18:47:50.317Z",
"dateUpdated": "2024-08-02T08:57:35.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…