Authorization bypass in Cisco ASR 5000 Series Software



Published: 2021-06-02
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2021-1539
CVE-2021-1540
CWE-ID CWE-285
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cisco Virtualized Packet Core
Client/Desktop applications / Virtualization software

Cisco StarOS
Operating systems & Components / Operating system

Cisco ASR 5000 Series
Hardware solutions / Firmware

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Authorization

EUVDB-ID: #VU53746

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1539

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote user to gain unauthorized access to the system.

The vulnerability exists in the authorization process of Cisco ASR 5000 Series Software (StarOS) due to incorrect authorization of non-interactive CLI commands. A remote authenticate user can bypass TACACS authorization by sending a crafted Secure Shell (SSH) request to an affected device and execute a certain CLI commands.

Successful exploitation of the vulnerability may result in unauthorized access to sensitive information or denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Virtualized Packet Core: All versions

Cisco StarOS: before 26.19.11

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu85001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authorization

EUVDB-ID: #VU53747

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1540

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote user to gain unauthorized access to the system.

The vulnerability exists due to incorrect authorization of non-interactive CLI commands in the authorization process of Cisco ASR 5000 Series Software (StarOS). A remote authenticated user can send a specially crafted SSH request to an affected device, bypass the nocli option and execute certain CLI commands.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco ASR 5000 Series: All versions

Cisco Virtualized Packet Core: All versions

Cisco StarOS: before 26.19.11

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv33622


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###