Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0122

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.4, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts integrity (unauthorized modifications), for affected systems. Impacting 4 products from cisco, from cisco, from cisco and 1 other, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2018, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2018-02-08T07:29:00.477

Last Modified

2024-11-21T03:37:33.990

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

9.2

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	staros	21.3.0.67664	Yes
Hardware	cisco	asr_5000	-	No
Hardware	cisco	asr_5500	-	No
Hardware	cisco	asr_5700	-	No

References

http://www.securityfocus.com/bid/103028 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040340 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/103028 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040340 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.