#VU10119 Command injection in Cisco StarOS - CVE-2018-0115
Published: January 22, 2018
Vulnerability identifier: #VU10119
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0115
CWE-ID: CWE-77
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco StarOS
Cisco StarOS
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows an adjacent attacker to execute arbitrary commands on the target system.
The weakness exists in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers due to insufficient validation of user-supplied input. An adjacent attacker can use valid administrator credentials to inject malicious command arguments into a vulnerable CLI command and execute arbitrary commands with root privileges
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers due to insufficient validation of user-supplied input. An adjacent attacker can use valid administrator credentials to inject malicious command arguments into a vulnerable CLI command and execute arbitrary commands with root privileges
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.