Command Injection Vulnerability in Cisco ASR 5000 Series Routers
CVE-2018-0217

6.7 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 8 March 2018

Summary

A command injection vulnerability exists in the Command Line Interface (CLI) of Cisco StarOS for ASR 5000 Series Routers. This issue arises from insufficient validation of user-supplied commands in the CLI, which could be exploited by an authenticated local attacker. By injecting malicious arguments into CLI commands, the attacker could execute arbitrary commands within the context of the system. Successful exploitation requires valid administrator credentials, making it crucial for organizations to implement stringent access controls and monitoring on their systems.

Affected Version(s)

Cisco StarOS

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
