A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCisco Asr 5000
HWCiscowszystkie wersjeCisco Asr 5500
HWCiscowszystkie wersjeCisco Asr 5700
HWCiscowszystkie wersjeCisco Staros
OSCisco21.23.n21.2421.27.m21.28.m< 21.22.1421.23.0 – 21.23.31 (bez)21.25.0 – 21.25.15 (bez)21.26.0 – 21.26.17 (bez)21.27.0 – 21.27.6 (bez)21.28.0 – 21.28.3 (bez)Cisco Vpc Di
HWCiscowszystkie wersjeCisco Vpc Si
HWCiscowszystkie wersje
Powiązane podatności
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco...
Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow a...
Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow a...
A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running o...