CVE-2018-0115 - OpenCVE

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Asr 5000 Asr 5500 Asr 5700 Staros

Configuration 1 [-]

AND

cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr_5000:-:::::::*
	cpe:2.3:h:cisco:asr_5500:-:::::::*
	cpe:2.3:h:cisco:asr_5700:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102788
http://www.securitytracker.com/id/1040239
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-01-18T06:00:00

Updated: 2024-08-05T03:14:16.862Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0115

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-01-18T06:29:01.533

Modified: 2019-10-09T23:31:16.003

Link: CVE-2018-0115

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco StarOS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco StarOS"}]}], "datePublic": "2018-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-01-25T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1040239", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040239"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"}, {"name": "102788", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102788"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco StarOS", "version": {"version_data": [{"version_value": "Cisco StarOS"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78"}]}]}, "references": {"reference_data": [{"name": "1040239", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040239"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"}, {"name": "102788", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102788"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.862Z"}, "title": "CVE Program Container", "references": [{"name": "1040239", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040239"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"}, {"name": "102788", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102788"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0115", "datePublished": "2018-01-18T06:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:14:16.862Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*", "matchCriteriaId": "525B2F5E-1115-4523-B8CF-63F323D3F701", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*", "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332."}, {"lang": "es", "value": "Una vulnerabilidad en el CLI del sistema operativo Cisco StarOS para routers Cisco ASR 5000 Series podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios con privilegios root en un sistema operativo del host afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de las entradas realizadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad inyectando argumentos de comando maliciosos en una comando de interfaz de l\u00ednea de comandos vulnerable. Un exploit con \u00e9xito podr\u00eda permitir que el atacante ejecute comandos arbitrarios con privilegios root. Para explotar esta vulnerabilidad, el atacante necesitar\u00eda autenticarse en el sistema afectado empleando credenciales de administrador v\u00e1lidas. Cisco Bug IDs: CSCvf93332."}], "id": "CVE-2018-0115", "lastModified": "2019-10-09T23:31:16.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-18T06:29:01.533", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102788"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040239"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}