Cisco ASR StarOS CLI Command Injection Local Privilege Escalation (cisco-sa-20170705-asrcmd)
High Nessus Plugin ID 101528
The remote device is affected by a privilege escalation vulnerability.
According to its self-reported version and model number, the remote Cisco ASR device is affected by a privilege escalation vulnerability in StarOS in the Command Line Interface (CLI) due to improper sanitization of commands passed to the Linux shell. A local attacker can exploit this, via specially crafted CLI commands, to execute arbitrary shell commands with root privileges.
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvc69329 or CSCvc72930.