CLI Command Injection Vulnerability in Cisco ASR 5000 Series Routers
CVE-2018-0122

4.4 MEDIUM

Key Information:

Vendor
Cisco
CVE Published:
8 February 2018

Summary

A security flaw in the command-line interface (CLI) of Cisco's StarOS operating system for the ASR 5000 Series Routers permits authenticated local attackers to overwrite important system files. This vulnerability stems from inadequate validation of user input handled by the CLI. By crafting malicious command arguments, an attacker can exploit this vulnerability, provided they have valid administrator credentials to access the affected system. Successful exploitation grants the ability to modify or replace arbitrary files stored in the system's flash memory, posing a significant risk to system integrity.

Affected Version(s)

Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
