OpenCVE

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Asr 5000 Asr 5500 Asr 5700 Staros Vpc-di Vpc-si

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:staros::::::::
	cpe:2.3:o:cisco:staros::::::::
	cpe:2.3:o:cisco:staros::::::::
	cpe:2.3:o:cisco:staros::::::::
	cpe:2.3:o:cisco:staros::::::::
	cpe:2.3:o:cisco:staros::::::::
	cpe:2.3:o:cisco:staros:21.23.n:::::::*
	cpe:2.3:o:cisco:staros:21.24:::::::*
	cpe:2.3:o:cisco:staros:21.27.m:::::::*
	cpe:2.3:o:cisco:staros:21.28.m:::::::*

OR	cpe:2.3:h:cisco:asr_5000:-:::::::*
	cpe:2.3:h:cisco:asr_5500:-:::::::*
	cpe:2.3:h:cisco:asr_5700:-:::::::*
	cpe:2.3:h:cisco:vpc-di:-:::::::*
	cpe:2.3:h:cisco:vpc-si:-:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-05-09T13:06:10.748Z

Updated: 2024-08-02T08:57:35.853Z

Reserved: 2022-10-27T18:47:50.317Z

Link: CVE-2023-20046

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-09T18:15:11.697

Modified: 2024-11-21T07:40:25.733

Link: CVE-2023-20046

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20046", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.317Z", "datePublished": "2023-05-09T13:06:10.748Z", "dateUpdated": "2024-08-02T08:57:35.853Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:38.039Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability."}], "affected": [{"vendor": "Cisco", "product": "Cisco ASR 5000 Series Software", "versions": [{"version": "21.11.0", "status": "affected"}, {"version": "21.11.1", "status": "affected"}, {"version": "21.11.2", "status": "affected"}, {"version": "21.11.3", "status": "affected"}, {"version": "21.11.10", "status": "affected"}, {"version": "21.11.11", "status": "affected"}, {"version": "21.11.12", "status": "affected"}, {"version": "21.11.13", "status": "affected"}, {"version": "21.11.14", "status": "affected"}, {"version": "21.11.4", "status": "affected"}, {"version": "21.11.5", "status": "affected"}, {"version": "21.11.6", "status": "affected"}, {"version": "21.11.7", "status": "affected"}, {"version": "21.11.8", "status": "affected"}, {"version": "21.11.9", "status": "affected"}, {"version": "21.11.15", "status": "affected"}, {"version": "21.11.16", "status": "affected"}, {"version": "21.11.17", "status": "affected"}, {"version": "21.11.18", "status": "affected"}, {"version": "21.11.19", "status": "affected"}, {"version": "21.11.20", "status": "affected"}, {"version": "21.11.21", "status": "affected"}, {"version": "21.12.0", "status": "affected"}, {"version": "21.12.1", "status": "affected"}, {"version": "21.12.2", "status": "affected"}, {"version": "21.12.3", "status": "affected"}, {"version": "21.12.4", "status": "affected"}, {"version": "21.12.5", "status": "affected"}, {"version": "21.12.6", "status": "affected"}, {"version": "21.12.10", "status": "affected"}, {"version": "21.12.11", "status": "affected"}, {"version": "21.12.12", "status": "affected"}, {"version": "21.12.13", "status": "affected"}, {"version": "21.12.14", "status": "affected"}, {"version": "21.12.16", "status": "affected"}, {"version": "21.12.17", "status": "affected"}, {"version": "21.12.18", "status": "affected"}, {"version": "21.12.7", "status": "affected"}, {"version": "21.12.8", "status": "affected"}, {"version": "21.12.9", "status": "affected"}, {"version": "21.12.19", "status": "affected"}, {"version": "21.12.20", "status": "affected"}, {"version": "21.12.21", "status": "affected"}, {"version": "21.12.22", "status": "affected"}, {"version": "21.12.15", "status": "affected"}, {"version": "21.13.0", "status": "affected"}, {"version": "21.13.1", "status": "affected"}, {"version": "21.13.2", "status": "affected"}, {"version": "21.13.3", "status": "affected"}, {"version": "21.13.4", "status": "affected"}, {"version": "21.13.10", "status": "affected"}, {"version": "21.13.11", "status": "affected"}, {"version": "21.13.12", "status": "affected"}, {"version": "21.13.13", "status": "affected"}, {"version": "21.13.14", "status": "affected"}, {"version": "21.13.15", "status": "affected"}, {"version": "21.13.16", "status": "affected"}, {"version": "21.13.17", "status": "affected"}, {"version": "21.13.18", "status": "affected"}, {"version": "21.13.19", "status": "affected"}, {"version": "21.13.20", "status": "affected"}, {"version": "21.13.5", "status": "affected"}, {"version": "21.13.6", "status": "affected"}, {"version": "21.13.7", "status": "affected"}, {"version": "21.13.8", "status": "affected"}, {"version": "21.13.9", "status": "affected"}, {"version": "21.13.21", "status": "affected"}, {"version": "21.14.0", "status": "affected"}, {"version": "21.14.1", "status": "affected"}, {"version": "21.14.10", "status": "affected"}, {"version": "21.14.11", "status": "affected"}, {"version": "21.14.12", "status": "affected"}, {"version": "21.14.16", "status": "affected"}, {"version": "21.14.17", "status": "affected"}, {"version": "21.14.19", "status": "affected"}, {"version": "21.14.2", "status": "affected"}, {"version": "21.14.20", "status": "affected"}, {"version": "21.14.3", "status": "affected"}, {"version": "21.14.4", "status": "affected"}, {"version": "21.14.5", "status": "affected"}, {"version": "21.14.6", "status": "affected"}, {"version": "21.14.7", "status": "affected"}, {"version": "21.14.8", "status": "affected"}, {"version": "21.14.9", "status": "affected"}, {"version": "21.14.b12", "status": "affected"}, {"version": "21.14.b13", "status": "affected"}, {"version": "21.14.b14", "status": "affected"}, {"version": "21.14.b15", "status": "affected"}, {"version": "21.14.b17", "status": "affected"}, {"version": "21.14.b18", "status": "affected"}, {"version": "21.14.b19", "status": "affected"}, {"version": "21.14.b20", "status": "affected"}, {"version": "21.14.b21", "status": "affected"}, {"version": "21.14.22", "status": "affected"}, {"version": "21.14.b22", "status": "affected"}, {"version": "21.14.23", "status": "affected"}, {"version": "21.15.0", "status": "affected"}, {"version": "21.15.1", "status": "affected"}, {"version": "21.15.10", "status": "affected"}, {"version": "21.15.11", "status": "affected"}, {"version": "21.15.12", "status": "affected"}, {"version": "21.15.13", "status": "affected"}, {"version": "21.15.14", "status": "affected"}, {"version": "21.15.15", "status": "affected"}, {"version": "21.15.16", "status": "affected"}, {"version": "21.15.17", "status": "affected"}, {"version": "21.15.18", "status": "affected"}, {"version": "21.15.19", "status": "affected"}, {"version": "21.15.2", "status": "affected"}, {"version": "21.15.20", "status": "affected"}, {"version": "21.15.21", "status": "affected"}, {"version": "21.15.22", "status": "affected"}, {"version": "21.15.24", "status": "affected"}, {"version": "21.15.25", "status": "affected"}, {"version": "21.15.26", "status": "affected"}, {"version": "21.15.27", "status": "affected"}, {"version": "21.15.28", "status": "affected"}, {"version": "21.15.29", "status": "affected"}, {"version": "21.15.3", "status": "affected"}, {"version": "21.15.30", "status": "affected"}, {"version": "21.15.32", "status": "affected"}, {"version": "21.15.33", "status": "affected"}, {"version": "21.15.36", "status": "affected"}, {"version": "21.15.37", "status": "affected"}, {"version": "21.15.39", "status": "affected"}, {"version": "21.15.4", "status": "affected"}, {"version": "21.15.40", "status": "affected"}, {"version": "21.15.41", "status": "affected"}, {"version": "21.15.5", "status": "affected"}, {"version": "21.15.6", "status": "affected"}, {"version": "21.15.7", "status": "affected"}, {"version": "21.15.8", "status": "affected"}, {"version": "21.15.43", "status": "affected"}, {"version": "21.15.45", "status": "affected"}, {"version": "21.15.46", "status": "affected"}, {"version": "21.15.47", "status": "affected"}, {"version": "21.15.48", "status": "affected"}, {"version": "21.15.51", "status": "affected"}, {"version": "21.15.52", "status": "affected"}, {"version": "21.15.53", "status": "affected"}, {"version": "21.15.54", "status": "affected"}, {"version": "21.15.55", "status": "affected"}, {"version": "21.15.57", "status": "affected"}, {"version": "21.15.58", "status": "affected"}, {"version": "21.15.59", "status": "affected"}, {"version": "21.15.60", "status": "affected"}, {"version": "21.16.2", "status": "affected"}, {"version": "21.16.3", "status": "affected"}, {"version": "21.16.4", "status": "affected"}, {"version": "21.16.5", "status": "affected"}, {"version": "21.16.c10", "status": "affected"}, {"version": "21.16.c11", "status": "affected"}, {"version": "21.16.c12", "status": "affected"}, {"version": "21.16.c13", "status": "affected"}, {"version": "21.16.c9", "status": "affected"}, {"version": "21.16.d0", "status": "affected"}, {"version": "21.16.d1", "status": "affected"}, {"version": "21.16.6", "status": "affected"}, {"version": "21.16.c14", "status": "affected"}, {"version": "21.16.7", "status": "affected"}, {"version": "21.16.c15", "status": "affected"}, {"version": "21.16.8", "status": "affected"}, {"version": "21.16.c16", "status": "affected"}, {"version": "21.16.10", "status": "affected"}, {"version": "21.16.9", "status": "affected"}, {"version": "21.16.c17", "status": "affected"}, {"version": "21.16.c18", "status": "affected"}, {"version": "21.16.c19", "status": "affected"}, {"version": "21.17.0", "status": "affected"}, {"version": "21.17.1", "status": "affected"}, {"version": "21.17.2", "status": "affected"}, {"version": "21.17.3", "status": "affected"}, {"version": "21.17.4", "status": "affected"}, {"version": "21.17.5", "status": "affected"}, {"version": "21.17.6", "status": "affected"}, {"version": "21.17.7", "status": "affected"}, {"version": "21.17.8", "status": "affected"}, {"version": "21.17.10", "status": "affected"}, {"version": "21.17.11", "status": "affected"}, {"version": "21.17.9", "status": "affected"}, {"version": "21.17.12", "status": "affected"}, {"version": "21.17.13", "status": "affected"}, {"version": "21.17.14", "status": "affected"}, {"version": "21.17.15", "status": "affected"}, {"version": "21.17.16", "status": "affected"}, {"version": "21.17.17", "status": "affected"}, {"version": "21.17.18", "status": "affected"}, {"version": "21.17.19", "status": "affected"}, {"version": "21.18.0", "status": "affected"}, {"version": "21.18.1", "status": "affected"}, {"version": "21.18.2", "status": "affected"}, {"version": "21.18.3", "status": "affected"}, {"version": "21.18.4", "status": "affected"}, {"version": "21.18.5", "status": "affected"}, {"version": "21.18.11", "status": "affected"}, {"version": "21.18.6", "status": "affected"}, {"version": "21.18.7", "status": "affected"}, {"version": "21.18.8", "status": "affected"}, {"version": "21.18.9", "status": "affected"}, {"version": "21.18.12", "status": "affected"}, {"version": "21.18.13", "status": "affected"}, {"version": "21.18.14", "status": "affected"}, {"version": "21.18.15", "status": "affected"}, {"version": "21.18.16", "status": "affected"}, {"version": "21.18.17", "status": "affected"}, {"version": "21.18.18", "status": "affected"}, {"version": "21.18.19", "status": "affected"}, {"version": "21.18.20", "status": "affected"}, {"version": "21.18.21", "status": "affected"}, {"version": "21.18.22", "status": "affected"}, {"version": "21.18.23", "status": "affected"}, {"version": "21.18.24", "status": "affected"}, {"version": "21.18.25", "status": "affected"}, {"version": "21.18.26", "status": "affected"}, {"version": "21.19.0", "status": "affected"}, {"version": "21.19.1", "status": "affected"}, {"version": "21.19.2", "status": "affected"}, {"version": "21.19.3", "status": "affected"}, {"version": "21.19.n2", "status": "affected"}, {"version": "21.19.4", "status": "affected"}, {"version": "21.19.5", "status": "affected"}, {"version": "21.19.n3", "status": "affected"}, {"version": "21.19.n4", "status": "affected"}, {"version": "21.19.6", "status": "affected"}, {"version": "21.19.7", "status": "affected"}, {"version": "21.19.8", "status": "affected"}, {"version": "21.19.n5", "status": "affected"}, {"version": "21.19.10", "status": "affected"}, {"version": "21.19.9", "status": "affected"}, {"version": "21.19.n6", "status": "affected"}, {"version": "21.19.n7", "status": "affected"}, {"version": "21.19.n8", "status": "affected"}, {"version": "21.19.11", "status": "affected"}, {"version": "21.19.n10", "status": "affected"}, {"version": "21.19.n11", "status": "affected"}, {"version": "21.19.n12", "status": "affected"}, {"version": "21.19.n13", "status": "affected"}, {"version": "21.19.n14", "status": "affected"}, {"version": "21.19.n15", "status": "affected"}, {"version": "21.19.n16", "status": "affected"}, {"version": "21.19.n9", "status": "affected"}, {"version": "21.19.n17", "status": "affected"}, {"version": "21.19.n18", "status": "affected"}, {"version": "21.20.0", "status": "affected"}, {"version": "21.20.1", "status": "affected"}, {"version": "21.20.SV1", "status": "affected"}, {"version": "21.20.SV3", "status": "affected"}, {"version": "21.20.SV5", "status": "affected"}, {"version": "21.20.2", "status": "affected"}, {"version": "21.20.3", "status": "affected"}, {"version": "21.20.4", "status": "affected"}, {"version": "21.20.5", "status": "affected"}, {"version": "21.20.6", "status": "affected"}, {"version": "21.20.7", "status": "affected"}, {"version": "21.20.8", "status": "affected"}, {"version": "21.20.9", "status": "affected"}, {"version": "21.20.k6", "status": "affected"}, {"version": "21.20.10", "status": "affected"}, {"version": "21.20.11", "status": "affected"}, {"version": "21.20.k7", "status": "affected"}, {"version": "21.20.u8", "status": "affected"}, {"version": "21.20.12", "status": "affected"}, {"version": "21.20.13", "status": "affected"}, {"version": "21.20.14", "status": "affected"}, {"version": "21.20.k8", "status": "affected"}, {"version": "21.20.p9", "status": "affected"}, {"version": "21.20.15", "status": "affected"}, {"version": "21.20.16", "status": "affected"}, {"version": "21.20.17", "status": "affected"}, {"version": "21.20.18", "status": "affected"}, {"version": "21.20.19", "status": "affected"}, {"version": "21.20.20", "status": "affected"}, {"version": "21.20.21", "status": "affected"}, {"version": "21.20.22", "status": "affected"}, {"version": "21.20.23", "status": "affected"}, {"version": "21.20.24", "status": "affected"}, {"version": "21.20.25", "status": "affected"}, {"version": "21.20.26", "status": "affected"}, {"version": "21.20.28", "status": "affected"}, {"version": "21.20.29", "status": "affected"}, {"version": "21.20.30", "status": "affected"}, {"version": "21.20.c22", "status": "affected"}, {"version": "21.20.31", "status": "affected"}, {"version": "21.20.32", "status": "affected"}, {"version": "21.20.33", "status": "affected"}, {"version": "21.20.34", "status": "affected"}, {"version": "21.20.35", "status": "affected"}, {"version": "21.20.27", "status": "affected"}, {"version": "21.20.SV2", "status": "affected"}, {"version": "21.21.0", "status": "affected"}, {"version": "21.21.1", "status": "affected"}, {"version": "21.21.2", "status": "affected"}, {"version": "21.21.3", "status": "affected"}, {"version": "21.21.KS2", "status": "affected"}, {"version": "21.22.0", "status": "affected"}, {"version": "21.22.n2", "status": "affected"}, {"version": "21.22.n3", "status": "affected"}, {"version": "21.22.3", "status": "affected"}, {"version": "21.22.4", "status": "affected"}, {"version": "21.22.5", "status": "affected"}, {"version": "21.22.uj3", "status": "affected"}, {"version": "21.22.11", "status": "affected"}, {"version": "21.22.6", "status": "affected"}, {"version": "21.22.7", "status": "affected"}, {"version": "21.22.8", "status": "affected"}, {"version": "21.22.n4", "status": "affected"}, {"version": "21.22.n5", "status": "affected"}, {"version": "21.22.ua0", "status": "affected"}, {"version": "21.22.ua2", "status": "affected"}, {"version": "21.22.ua3", "status": "affected"}, {"version": "21.22.ua5", "status": "affected"}, {"version": "21.22.12", "status": "affected"}, {"version": "21.22.13", "status": "affected"}, {"version": "21.22.n10", "status": "affected"}, {"version": "21.22.n11", "status": "affected"}, {"version": "21.22.n12", "status": "affected"}, {"version": "21.22.n6", "status": "affected"}, {"version": "21.22.n7", "status": "affected"}, {"version": "21.22.n8", "status": "affected"}, {"version": "21.22.n9", "status": "affected"}, {"version": "21.22.n13", "status": "affected"}, {"version": "21.23.0", "status": "affected"}, {"version": "21.23.1", "status": "affected"}, {"version": "21.23.10", "status": "affected"}, {"version": "21.23.11", "status": "affected"}, {"version": "21.23.12", "status": "affected"}, {"version": "21.23.13", "status": "affected"}, {"version": "21.23.14", "status": "affected"}, {"version": "21.23.15", "status": "affected"}, {"version": "21.23.16", "status": "affected"}, {"version": "21.23.17", "status": "affected"}, {"version": "21.23.2", "status": "affected"}, {"version": "21.23.3", "status": "affected"}, {"version": "21.23.4", "status": "affected"}, {"version": "21.23.5", "status": "affected"}, {"version": "21.23.6", "status": "affected"}, {"version": "21.23.7", "status": "affected"}, {"version": "21.23.8", "status": "affected"}, {"version": "21.23.9", "status": "affected"}, {"version": "21.23.b2", "status": "affected"}, {"version": "21.23.b3", "status": "affected"}, {"version": "21.23.c16", "status": "affected"}, {"version": "21.23.c17", "status": "affected"}, {"version": "21.23.n6", "status": "affected"}, {"version": "21.23.n7", "status": "affected"}, {"version": "21.23.n9", "status": "affected"}, {"version": "21.23.18", "status": "affected"}, {"version": "21.23.19", "status": "affected"}, {"version": "21.23.21", "status": "affected"}, {"version": "21.23.22", "status": "affected"}, {"version": "21.23.23", "status": "affected"}, {"version": "21.23.24", "status": "affected"}, {"version": "21.23.25", "status": "affected"}, {"version": "21.23.26", "status": "affected"}, {"version": "21.23.27", "status": "affected"}, {"version": "21.23.29", "status": "affected"}, {"version": "21.23.30", "status": "affected"}, {"version": "21.23.c18", "status": "affected"}, {"version": "21.23.n10", "status": "affected"}, {"version": "21.23.n11", "status": "affected"}, {"version": "21.23.n8", "status": "affected"}, {"version": "21.23.yn14", "status": "affected"}, {"version": "21.24.0", "status": "affected"}, {"version": "21.24.1", "status": "affected"}, {"version": "21.24.2", "status": "affected"}, {"version": "21.24.3", "status": "affected"}, {"version": "21.25.0", "status": "affected"}, {"version": "21.25.3", "status": "affected"}, {"version": "21.25.4", "status": "affected"}, {"version": "21.25.5", "status": "affected"}, {"version": "21.25.10", "status": "affected"}, {"version": "21.25.11", "status": "affected"}, {"version": "21.25.12", "status": "affected"}, {"version": "21.25.13", "status": "affected"}, {"version": "21.25.14", "status": "affected"}, {"version": "21.25.6", "status": "affected"}, {"version": "21.25.7", "status": "affected"}, {"version": "21.25.8", "status": "affected"}, {"version": "21.25.9", "status": "affected"}, {"version": "21.26.0", "status": "affected"}, {"version": "21.26.1", "status": "affected"}, {"version": "21.26.10", "status": "affected"}, {"version": "21.26.13", "status": "affected"}, {"version": "21.26.14", "status": "affected"}, {"version": "21.26.15", "status": "affected"}, {"version": "21.26.3", "status": "affected"}, {"version": "21.26.5", "status": "affected"}, {"version": "21.26.6", "status": "affected"}, {"version": "21.26.7", "status": "affected"}, {"version": "21.26.17", "status": "affected"}, {"version": "21.27.0", "status": "affected"}, {"version": "21.27.1", "status": "affected"}, {"version": "21.27.2", "status": "affected"}, {"version": "21.27.3", "status": "affected"}, {"version": "21.27.4", "status": "affected"}, {"version": "21.27.5", "status": "affected"}, {"version": "21.27.m0", "status": "affected"}, {"version": "21.28.0", "status": "affected"}, {"version": "21.28.1", "status": "affected"}, {"version": "21.28.2", "status": "affected"}, {"version": "21.28.m0", "status": "affected"}, {"version": "21.28.m1", "status": "affected"}, {"version": "21.28.m2", "status": "affected"}, {"version": "21.28.m3", "status": "affected"}]}, {"vendor": "Cisco", "product": "Cisco Ultra Cloud Core - User Plane Function", "versions": [{"version": "N/A", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Authentication Bypass by Alternate Name", "type": "cwe", "cweId": "CWE-289"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h", "name": "cisco-sa-staros-ssh-privesc-BmWeJC3h"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-staros-ssh-privesc-BmWeJC3h", "discovery": "EXTERNAL", "defects": ["CSCwd89468"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.853Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h", "name": "cisco-sa-staros-ssh-privesc-BmWeJC3h", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*", "matchCriteriaId": "1280E939-FA8A-49E4-AE06-616B152929CF", "versionEndExcluding": "21.22.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A2C7A63-E17A-487D-8CCF-3346FDA2859F", "versionEndExcluding": "21.23.31", "versionStartIncluding": "21.23.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B58A574-77D9-4EC5-9D57-8D244EF7BDB8", "versionEndExcluding": "21.25.15", "versionStartIncluding": "21.25.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9507CCB-0340-40D6-AAF3-D2EA3D3EE408", "versionEndExcluding": "21.26.17", "versionStartIncluding": "21.26.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D9F9D50-DA13-410A-9571-6FA9436165E8", "versionEndExcluding": "21.27.6", "versionStartIncluding": "21.27.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*", "matchCriteriaId": "833F9A52-2976-4F2C-AA87-FD50BB83BB3D", "versionEndExcluding": "21.28.3", "versionStartIncluding": "21.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:21.23.n:*:*:*:*:*:*:*", "matchCriteriaId": "CD63EE8D-0389-4589-BF86-0F64A8AEDA13", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:21.24:*:*:*:*:*:*:*", "matchCriteriaId": "A0534E44-1CD6-49CB-A574-D7B2CF14CC25", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:21.27.m:*:*:*:*:*:*:*", "matchCriteriaId": "CC1BBD53-BF16-4841-9D20-D2C4129A337B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:staros:21.28.m:*:*:*:*:*:*:*", "matchCriteriaId": "47DCE4FD-48D4-4B25-BBAE-24D270627FCD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*", "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vpc-di:-:*:*:*:*:*:*:*", "matchCriteriaId": "775B2FC4-E182-47F8-B786-EC6A359BCCE3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vpc-si:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFD5A5BE-9B00-4E4F-A4A4-FBEF990F4C39", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability."}], "id": "CVE-2023-20046", "lastModified": "2024-11-21T07:40:25.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-09T18:15:11.697", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-289"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}