Lucene search

CiscoCVELIST:CVE-2021-1540

HistoryJun 04, 2021 - 4:46 p.m.

CVE-2021-1540 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities

2021-06-0416:46:02

CWE-863

cisco

www.cve.org

cisco

asr 5000

authorization bypass

vulnerabilities

staros

cli commands

remote attack

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.005

Percentile

77.5%

JSON

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CNA Affected

[
  {
    "product": "Cisco ASR 5000 Series Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.005

Percentile

77.5%

JSON

Related for CVELIST:CVE-2021-1540