Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20046


A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.
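The failure class described above, as an added illustration that is not Cisco code or StarOS configuration: an account is resolved from an alternate identifier (the client's source IP that a privileged account is bound to) rather than from the key the client actually proved possession of, so a valid low-privileged key arriving from that host is mapped to the privileged account. Account names, privilege labels, fingerprints and addresses are constructed, and the check ordering in `vulnerable_lookup` is an assumption about the weakness class (CWE-289), not a description of the StarOS implementation. `hardened_lookup` shows the general fix: the credential selects the account, and a source-address restriction can only narrow access, never redirect it.

```python
"""Model of the CVE-2023-20046 failure class: account selection keyed on the
client's source IP (an alternate identifier) instead of on the key the client
proved possession of. Added illustration; not Cisco code."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Account:
    name: str
    privilege: str                 # hypothetical labels: "admin" / "operator"
    key_fingerprint: str           # fingerprint of the account's authorised public key
    source_ip: Optional[str]       # optional source-address restriction, None = any host


# Constructed sample account table: names, fingerprints and addresses are made up.
ACCOUNTS: List[Account] = [
    Account("admin1", "admin", "SHA256:AAAA", "192.0.2.10"),   # privileged, bound to a host
    Account("ops1", "operator", "SHA256:BBBB", None),          # low-privileged, any host
]


def key_is_known(fingerprint: str) -> bool:
    """True if the presented key belongs to *some* account (all the flawed path checks)."""
    return any(a.key_fingerprint == fingerprint for a in ACCOUNTS)


def vulnerable_lookup(fingerprint: str, source_ip: str) -> Optional[Account]:
    """Flawed logic (assumed ordering): pick the account from the source IP first and
    only confirm that the key is valid for *any* account. A valid low-privileged key
    presented from admin1's configured host therefore logs in as admin1."""
    for acct in ACCOUNTS:
        if acct.source_ip == source_ip and key_is_known(fingerprint):
            return acct
    for acct in ACCOUNTS:
        if acct.key_fingerprint == fingerprint and acct.source_ip is None:
            return acct
    return None


def hardened_lookup(fingerprint: str, source_ip: str) -> Optional[Account]:
    """Corrected logic: the key selects the account; a source-IP setting can only
    reject that account's logins from other hosts, never map the key elsewhere."""
    for acct in ACCOUNTS:
        if acct.key_fingerprint != fingerprint:
            continue
        if acct.source_ip is not None and acct.source_ip != source_ip:
            return None        # right key, wrong host: reject
        return acct
    return None                # unknown key


if __name__ == "__main__":
    # Low-privileged key presented from the privileged account's configured host.
    print(vulnerable_lookup("SHA256:BBBB", "192.0.2.10"))  # -> admin1 (privilege escalation)
    print(hardened_lookup("SHA256:BBBB", "192.0.2.10"))    # -> ops1
```

The model also suggests the condition a reviewer of a real configuration would look for: a privileged account restricted to a source address that is shared with a host from which lower-privileged keys are used. That is a reading of the description, not Cisco's published workaround, which this page does not reproduce.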


Published

2023-05-09T18:15:11.697

Last Modified

2024-11-21T07:40:25.733

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-289 (Authentication Bypass by Alternate Name)
  • Type: Primary
    CWE-522 (Insufficiently Protected Credentials)

Affected Vendors & Products

A "< x" range covers every release of that train below x, so x is the first release in the train that is not listed as affected. Rows without a bound (21.23.n, 21.24, 21.27.m, 21.28.m) are listed as affected with no fixed release given on this page. The Hardware rows are the platforms the listed StarOS releases run on; "No" means the hardware itself is not the vulnerable component.

Type              Vendor  Product   Version/Range  Vulnerable?
Operating System  cisco   staros    < 21.22.14     Yes
Operating System  cisco   staros    < 21.23.31     Yes
Operating System  cisco   staros    < 21.25.15     Yes
Operating System  cisco   staros    < 21.26.17     Yes
Operating System  cisco   staros    < 21.27.6      Yes
Operating System  cisco   staros    < 21.28.3      Yes
Operating System  cisco   staros    21.23.n        Yes
Operating System  cisco   staros    21.24          Yes
Operating System  cisco   staros    21.27.m        Yes
Operating System  cisco   staros    21.28.m        Yes
Hardware          cisco   asr_5000  -              No
Hardware          cisco   asr_5500  -              No
Hardware          cisco   asr_5700  -              No
Hardware          cisco   vpc-di    -              No
Hardware          cisco   vpc-si    -              No
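An added version check derived only from the table above (not a Cisco tool and not the vendor advisory): the "< x" rows give the first unaffected release per train, and the unbounded rows are treated as affected as written. Two interpretations are assumptions of this example: a letter-suffixed release such as 21.27.m3 is matched to its table row by train and letter (21.27.m), and any 21.24.x release is matched to the 21.24 row, since the table gives no bound for that train. Trains and forms the table does not mention come back as "unknown".

```python
"""Affected-version check for CVE-2023-20046, built only from this page's
Affected Vendors & Products table. Added example, not Cisco's advisory."""
import re

# First release in each train that the table does NOT list as affected
# (the upper bound of its "< x" row).
FIRST_FIXED = {
    "21.22": (21, 22, 14),
    "21.23": (21, 23, 31),
    "21.25": (21, 25, 15),
    "21.26": (21, 26, 17),
    "21.27": (21, 27, 6),
    "21.28": (21, 28, 3),
}

# Rows listed as affected with no "<" bound. Assumption of this example:
# "21.24" covers the whole 21.24 train, "21.27.m" covers 21.27.m<n> releases.
LISTED_AFFECTED = {"21.23.n", "21.24", "21.27.m", "21.28.m"}

# major.minor, optionally .patch where patch is digits (21.22.14) or a
# letter tag with an optional trailing number (21.28.m, 21.28.m2).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+|[a-z]+)(\d*))?$")


def assess(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a StarOS version string.

    'fixed' means the version is at or above the first unaffected release of a
    train that the table bounds; it is not a statement about later trains."""
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised StarOS version string: {version!r}")
    major, minor, patch, _tail = m.groups()
    train = f"{major}.{minor}"

    # Unbounded rows: letter-tagged releases match by train + letter,
    # anything else matches by train alone.
    row_key = f"{train}.{patch}" if patch and patch.isalpha() else train
    if row_key in LISTED_AFFECTED:
        return "affected"

    # Numeric releases compare against the train's first unaffected release.
    if patch is None or not patch.isdigit():
        return "unknown"
    bound = FIRST_FIXED.get(train)
    if bound is None:
        return "unknown"
    return "affected" if (int(major), int(minor), int(patch)) < bound else "fixed"


if __name__ == "__main__":
    for v in ("21.22.13", "21.22.14", "21.23.n", "21.28.m2", "21.28.3", "21.24.5", "21.29.1"):
        print(f"{v:10s} {assess(v)}")
```

Feed it the version string reported by the device; a result of "fixed" still only reflects this table, so confirm against the vendor's current advisory before closing a finding.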

References