Code injection

2017-08-1720:29:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.3%

JSON

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839.

CPENameOperatorVersion
asr_5000_softwareeq21.0.0-v0.65839

CPE	Name	Operator	Version
	asr_5000_software	eq	21.0.0-v0.65839

References

www.securityfocus.com/bid/100386

www.securitytracker.com/id/1039182

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2