Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3819

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.8, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 2 products from cisco, from cisco organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2017, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2017-03-15T20:59:00.147

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-264
Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	asr_5000_series_software	18.0.0	Yes
Application	cisco	asr_5000_series_software	18.0.0.57828	Yes
Application	cisco	asr_5000_series_software	18.0.0.59167	Yes
Application	cisco	asr_5000_series_software	18.0.0.59211	Yes
Application	cisco	asr_5000_series_software	18.0.l0.59219	Yes
Application	cisco	asr_5000_series_software	18.1.0	Yes
Application	cisco	asr_5000_series_software	18.1.0.59776	Yes
Application	cisco	asr_5000_series_software	18.1.0.59780	Yes
Application	cisco	asr_5000_series_software	18.1_base	Yes
Application	cisco	asr_5000_series_software	18.3.0	Yes
Application	cisco	asr_5000_series_software	18.3_base	Yes
Application	cisco	asr_5000_series_software	18.4.0	Yes
Application	cisco	asr_5000_series_software	19.0.1	Yes
Application	cisco	asr_5000_series_software	19.0.m0.60737	Yes
Application	cisco	asr_5000_series_software	19.0.m0.60828	Yes
Application	cisco	asr_5000_series_software	19.0.m0.61045	Yes
Application	cisco	asr_5000_series_software	19.1.0	Yes
Application	cisco	asr_5000_series_software	19.1.0.61559	Yes
Application	cisco	asr_5000_series_software	19.2.0	Yes
Application	cisco	asr_5000_series_software	19.3.0	Yes
Application	cisco	asr_5000_series_software	20.0.0	Yes
Application	cisco	virtualized_packet_core	v18.0_base	Yes
Application	cisco	virtualized_packet_core	v19.0_base	Yes
Application	cisco	virtualized_packet_core	v20.0_base	Yes

References

http://www.securityfocus.com/bid/96913 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1038050 ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/96913 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038050 (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.