Lucene search

CiscoCVELIST:CVE-2021-1145

HistoryJan 13, 2021 - 9:45 p.m.

CVE-2021-1145 Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability

2021-01-1321:45:36

CWE-61

cisco

www.cve.org

cisco

staros

sftp

arbitrary file read

vulnerability

asr 5000 series routers

secure ftp

remote attacker

symbolic links

crafted sftp command

valid credentials

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.1%

JSON

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device.

CNA Affected

[
  {
    "product": "Cisco ASR 5000 Series Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.1%

JSON

Related for CVELIST:CVE-2021-1145