Cisco ASR 5000 Series StarOS SSH Subsystem Privilege Escalation (CSCux22492)

Severity: High, Nessus Plugin ID 89051

Synopsis

The remote device is affected by a privilege escalation vulnerability.

Description

The remote Cisco ASR 5000 Series device is affected by a privilege escalation vulnerability in the SSH subsystem due to improper handling of multi-user public-key authentication. An authenticated, remote attacker can exploit this to gain elevated privileges by establishing a connection from an endpoint that was previously used for an administrator's connection.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCux22492.

See Also

http://www.nessus.org/u?c0aab2ac

https://tools.cisco.com/bugsearch/bug/CSCux22492

Plugin Details

Severity: High

ID: 89051

File Name: cisco-sa-20160218-asr.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 3/1/2016

Updated: 11/20/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1335

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:staros, cpe:/h:cisco:asr_5000

Required KB Items: Host/Cisco/ASR/Model, Host/Cisco/StarOS

Exploit Ease: No known exploits are available

Patch Publication Date: 2/18/2016

Vulnerability Publication Date: 2/18/2016

Reference Information

CVE: CVE-2016-1335

BID: 83304

CISCO-SA: cisco-sa-20160218-asr

CISCO-BUG-ID: CSCux22492