CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:H/Au:S/C:C/I:C/A:C |

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

AI Score

Metric | Value |
---|---|
Confidence | High |

EPSS

Metric | Value |
---|---|
Percentile | 47.6% |

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator’s connection, aka Bug ID CSCux22492.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | asr_5000_series_software | 16.5.2 | cpe:2.3:a:cisco:asr_5000_series_software:16.5.2:*:*:*:*:*:*:* |
cisco | asr_5000_series_software | 17.7.0 | cpe:2.3:a:cisco:asr_5000_series_software:17.7.0:*:*:*:*:*:*:* |
cisco | asr_5000_series_software | 18.4.0 | cpe:2.3:a:cisco:asr_5000_series_software:18.4.0:*:*:*:*:*:*:* |
cisco | asr_5000_series_software | 19.0.1 | cpe:2.3:a:cisco:asr_5000_series_software:19.0.1:*:*:*:*:*:*:* |
cisco | asr_5000_series_software | 19.3.0 | cpe:2.3:a:cisco:asr_5000_series_software:19.3.0:*:*:*:*:*:*:* |
cisco | asr_5000_series_software | 20.0.0 | cpe:2.3:a:cisco:asr_5000_series_software:20.0.0:*:*:*:*:*:*:* |