CVE-2017-3819
Vulnerability from cvelistv5
Published: 2017-03-15 20:00
Modified: 2024-08-05 14:39
Summary
A privilege escalation vulnerability in the Secure Shell (SSH) subsystem of the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, and ASR 5700 Series devices and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root-privileged access on the router.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to log in to the system via SSH or SFTP.
The following products have been confirmed to be vulnerable:
- Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured.
- Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured.
Cisco Bug IDs: CSCva65853.
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco StarOS | Cisco StarOS |
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.