Privilege Escalation Vulnerability in Cisco ASR 5000/5500/5700 Series and Virtualized Packet Core
CVE-2017-3819

8.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Staros
Vendor
CVE Published:
15 March 2017

Summary

A privilege escalation vulnerability exists in the SSH subsystem of StarOS, affecting Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series, and Virtualized Packet Core devices. This vulnerability arises from inadequate input validation of SSH/SFTP login parameters. An authenticated remote attacker can exploit this weakness by using crafted user input during the SSH or SFTP login process, potentially gaining unrestricted root shell access. It's important to note that only traffic directed to the affected devices can be leveraged for exploitation, and this can occur over both IPv4 and IPv6. An active TCP connection to the SSH default port (22) is essential for the attack to succeed. Valid credentials are required for the attacker to log in via SSH or SFTP.

Affected Version(s)

Cisco StarOS Cisco StarOS

References

http://www.securityfocus.com/bid/96913
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038050
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.