Cisco ASR StarOS CLI Command Injection Local Privilege Escalation (cisco-sa-20170705-asrcmd)

High Nessus Plugin ID 101528

Synopsis

The remote device is affected by a privilege escalation vulnerability.

Description

According to its self-reported version and model number, the remote Cisco ASR device is affected by a privilege escalation vulnerability in StarOS in the Command Line Interface (CLI) due to improper sanitization of commands passed to the Linux shell. A local attacker can exploit this, via specially crafted CLI commands, to execute arbitrary shell commands with root privileges.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvc69329 or CSCvc72930.

Cisco ASR StarOS CLI Command Injection Local Privilege Escalation (cisco-sa-20170705-asrcmd)

High Nessus Plugin ID 101528

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information