OpenCVE

Vendors	Products
Cisco	Asr 5000 Series Software Virtualized Packet Core

Link	Providers
http://www.securityfocus.com/bid/96913
http://www.securitytracker.com/id/1038050
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr

{"containers": {"cna": {"affected": [{"product": "Cisco StarOS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco StarOS"}]}], "datePublic": "2017-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "Privilege Escalation Vulnerability CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "96913", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96913"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"}, {"name": "1038050", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038050"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-3819", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco StarOS", "version": {"version_data": [{"version_value": "Cisco StarOS"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation Vulnerability CWE-264"}]}]}, "references": {"reference_data": [{"name": "96913", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96913"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"}, {"name": "1038050", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038050"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:41.048Z"}, "title": "CVE Program Container", "references": [{"name": "96913", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96913"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"}, {"name": "1038050", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038050"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-3819", "datePublished": "2017-03-15T20:00:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2024-08-05T14:39:41.048Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79B57288-1315-4FE2-98EC-3BA853B153FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.0.57828:*:*:*:*:*:*:*", "matchCriteriaId": "D42B4015-BE1D-4331-94F8-BE09C97C3577", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.0.59167:*:*:*:*:*:*:*", "matchCriteriaId": "6FDD7437-E7C1-431F-933C-D1D861B22570", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.0.59211:*:*:*:*:*:*:*", "matchCriteriaId": "200B5C31-A417-4E1C-8DEA-BAEBE9ED2385", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.0.l0.59219:*:*:*:*:*:*:*", "matchCriteriaId": "92C13FB6-82A5-48B1-B88A-34FB9C6E76F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F411E10A-D6D2-4A20-80AD-A274A91BB16F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.1.0.59776:*:*:*:*:*:*:*", "matchCriteriaId": "CAF3CC6F-A983-4199-BF06-8D10DB7811AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.1.0.59780:*:*:*:*:*:*:*", "matchCriteriaId": "923253CB-11EF-4081-8748-DEC92E91C7CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.1_base:*:*:*:*:*:*:*", "matchCriteriaId": "56B5F97D-7AD7-4E62-82CC-685ACC732437", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD5B5E37-D630-4BE5-A23C-65D5C6C8BBA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.3_base:*:*:*:*:*:*:*", "matchCriteriaId": "6E83AF5F-D4F3-46EB-ABED-EC6A64CF1C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:18.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "91A9DF64-3AF6-4DA7-B97C-34D8D502C4E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "701EB7E5-C0D8-4946-AECD-276131896091", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.0.m0.60737:*:*:*:*:*:*:*", "matchCriteriaId": "CE570D8B-CFFE-4BCC-B93B-C0E78C44E49C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.0.m0.60828:*:*:*:*:*:*:*", "matchCriteriaId": "B759ACB4-0A70-4891-9C28-68300000AAD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.0.m0.61045:*:*:*:*:*:*:*", "matchCriteriaId": "6A457D1F-C1CA-43BA-8623-012BD07E468F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "13B1F09F-CBAA-4CA6-AE80-F89F02876E15", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.1.0.61559:*:*:*:*:*:*:*", "matchCriteriaId": "5740B38F-BBD3-499D-A8B6-685EE7D9E146", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "02C994D7-9759-41F7-B672-3EC2FD8C7FA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1938A8E-8DAC-43FA-98C8-8BBEC8061701", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:20.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCE327B4-D5D7-48CD-81CE-2729CA9DC7D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:virtualized_packet_core:v18.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "E272EDB8-CA6A-4AC9-9BD3-7322C4A4115F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:virtualized_packet_core:v19.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "2E055E0A-21F4-4036-A985-3EFB1022F9E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:virtualized_packet_core:v20.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "9F3CA29A-DA96-4C48-8140-A73C5857DBE7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853."}, {"lang": "es", "value": "Una vulnerabilidad de escalada de privilegios en el subsistema Secure Shell (SSH) en el sistema operativo StarOS para dispositivos Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series y Cisco Virtualized Packet Core podr\u00edan permitir a un atacante remoto autenticado obtener acceso no restringido al shell del root. La vulnerabilidad se debe a falta de validaci\u00f3n de entrada de los par\u00e1metros pasados ??durante el inicio de sesi\u00f3n de SSH o SFTP. Un atacante podr\u00eda explotar esta vulnerabilidad proporcionando una entrada de usuario manipulada a la interfaz de l\u00ednea de comandos (CLI) de SSH o SFTP durante el inicio de sesi\u00f3n de SSH o SFTP. Una explotaci\u00f3n podr\u00eda permitir a un atacante autenticado obtener acceso privilegiado al root en el router. Nota: S\u00f3lo se puede utilizar tr\u00e1fico dirigido al sistema afectado para explotar esta vulnerabilidad. Esta vulnerabilidad puede ser desencadenada a trav\u00e9s de tr\u00e1fico tanto IPv4 como IPv6. Se necesita una conexi\u00f3n TCP establecida hacia el puerto 22, el puerto por defecto SSH, para realizar el ataque. El atacante debe tener credenciales v\u00e1lidas para iniciar sesi\u00f3n en el sistema a trav\u00e9s de SSH o SFTP. Se ha confirmado que los siguientes productos son vulnerables: los dispositivos Cisco ASR 5000/5500/5700 que ejecutan StarOS despu\u00e9s de 17.7.0 y anteriores a 18.7.4, 19.5 y 20.2.3 con SSH configurados son vulnerables. Los dispositivos Cisco Virtualized Packet Core - Single Instance (VPC-SI) y Distributed Instrance (VPC-DI) que ejecutan StarOS en versiones anteriores a N4.2.7 (19.3.v7) y N4.7 (20.2.v0) con SSH configurado son vulnerables. ID de errores de Cisco: CSCva65853."}], "id": "CVE-2017-3819", "lastModified": "2024-11-21T03:26:10.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-15T20:59:00.147", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96913"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1038050"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object