Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Staros
(Cisco)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 24 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-01-13 | CVE-2021-1145 | A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the... | Staros | 6.5 | ||
2021-01-20 | CVE-2021-1353 | A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the... | Staros, Virtualized_packet_core\-Single_instance | 8.6 | ||
2021-02-17 | CVE-2021-1378 | A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted... | Staros | 7.5 | ||
2021-06-04 | CVE-2021-1539 | Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Staros, Virtualized_packet_core | 8.8 | ||
2021-06-04 | CVE-2021-1540 | Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Staros, Virtualized_packet_core | 7.2 | ||
2022-04-06 | CVE-2022-20665 | A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative... | Staros | 6.7 | ||
2020-06-18 | CVE-2020-3244 | A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker... | Staros | 5.3 | ||
2018-04-19 | CVE-2018-0239 | A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that... | Staros | N/A | ||
2018-03-08 | CVE-2018-0224 | A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable... | Staros | N/A | ||
2018-02-08 | CVE-2018-0122 | A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected... | Staros | N/A |