SSH Privilege Escalation in Cisco StarOS on ASR 5000 Devices
CVE-2016-1335

7.5HIGH

Key Information:

Vendor: Cisco
Status: Asr 5000 Series Software
Vendor: CVE Published:; 19 February 2016

What is CVE-2016-1335?

The SSH implementation in Cisco StarOS versions prior to 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices contains a vulnerability that mishandles multi-user public-key authentication. This misconfiguration allows remote authenticated users to exploit previously established connections from administrator endpoints, potentially gaining elevated privileges and compromising device security. Proper configuration and updates are essential to mitigate this vulnerability effectively.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1035062

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2016
Vulnerability Reserved
Jan 4, 2016