Cisco ASR 5000/ASR 5500/ASR 5700 up to 17.7.x/18.7.3/19.4/20.2.2 Secure Shell Subsystem access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.6 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Cisco ASR 5000, ASR 5500 and ASR 5700 up to 17.7.x/18.7.3/19.4/20.2.2. The impacted element is an unknown function of the component Secure Shell Subsystem. Such manipulation leads to access control. This vulnerability is listed as CVE-2017-3819. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.
Details
A vulnerability, which was classified as critical, has been found in Cisco ASR 5000, ASR 5500 and ASR 5700 up to 17.7.x/18.7.3/19.4/20.2.2 (Router Operating System). Affected by this issue is an unknown code block of the component Secure Shell Subsystem. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. CVE summarizes:
A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853.
The bug was discovered 03/15/2017. The weakness was presented 03/15/2017 with Cisco as cisco-sa-20170315-asr as confirmed advisory (Website). The advisory is available at tools.cisco.com. This vulnerability is handled as CVE-2017-3819 since 12/21/2016. The attack may be launched remotely. The requirement for exploitation is a simple authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.
The vulnerability scanner Nessus provides a plugin with the ID 99266 (Cisco ASR StarOS SSH Login Parameter Handling Privilege Escalation (cisco-sa-20170315-asr)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l.
Upgrading to version 18.7.4, 19.5 or 20.2.3 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (99266), SecurityFocus (BID 96913†) and SecurityTracker (ID 1038050†). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.8VulDB Meta Temp Score: 8.6
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 99266
Nessus Name: Cisco ASR StarOS SSH Login Parameter Handling Privilege Escalation (cisco-sa-20170315-asr)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: ASR 5000/ASR 5500/ASR 5700 18.7.4/19.5/20.2.3
Timeline
12/21/2016 🔍03/15/2017 🔍
03/15/2017 🔍
03/15/2017 🔍
03/15/2017 🔍
03/15/2017 🔍
03/16/2017 🔍
04/10/2017 🔍
12/25/2024 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20170315-asr
Organization: Cisco
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-3819 (🔍)
GCVE (CVE): GCVE-0-2017-3819
GCVE (VulDB): GCVE-100-98138
SecurityFocus: 96913 - Cisco StarOS CVE-2017-3819 Privilege Escalation Vulnerability
OSVDB: - CVE-2017-3819 - Cisco - StarOS - Privilege Escalation Issue
SecurityTracker: 1038050
Entry
Created: 03/16/2017 11:15Updated: 12/25/2024 18:11
Changes: 03/16/2017 11:15 (72), 09/08/2020 14:40 (4), 12/25/2024 18:11 (17)
Complete: 🔍
Cache ID: 216:A14:103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.