Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3819

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853.

Published

2017-03-15T20:59:00.147

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-264
Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	asr_5000_series_software	18.0.0	Yes
Application	cisco	asr_5000_series_software	18.0.0.57828	Yes
Application	cisco	asr_5000_series_software	18.0.0.59167	Yes
Application	cisco	asr_5000_series_software	18.0.0.59211	Yes
Application	cisco	asr_5000_series_software	18.0.l0.59219	Yes
Application	cisco	asr_5000_series_software	18.1.0	Yes
Application	cisco	asr_5000_series_software	18.1.0.59776	Yes
Application	cisco	asr_5000_series_software	18.1.0.59780	Yes
Application	cisco	asr_5000_series_software	18.1_base	Yes
Application	cisco	asr_5000_series_software	18.3.0	Yes
Application	cisco	asr_5000_series_software	18.3_base	Yes
Application	cisco	asr_5000_series_software	18.4.0	Yes
Application	cisco	asr_5000_series_software	19.0.1	Yes
Application	cisco	asr_5000_series_software	19.0.m0.60737	Yes
Application	cisco	asr_5000_series_software	19.0.m0.60828	Yes
Application	cisco	asr_5000_series_software	19.0.m0.61045	Yes
Application	cisco	asr_5000_series_software	19.1.0	Yes
Application	cisco	asr_5000_series_software	19.1.0.61559	Yes
Application	cisco	asr_5000_series_software	19.2.0	Yes
Application	cisco	asr_5000_series_software	19.3.0	Yes
Application	cisco	asr_5000_series_software	20.0.0	Yes
Application	cisco	virtualized_packet_core	v18.0_base	Yes
Application	cisco	virtualized_packet_core	v19.0_base	Yes
Application	cisco	virtualized_packet_core	v20.0_base	Yes

References

http://www.securityfocus.com/bid/96913 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1038050 ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/96913 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038050 (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)