25 matches found
CVE-2025-32433
The CVE-2025-32433 issue affects Erlang/OTP’s SSH server and is caused by a flaw in SSH message handling during authentication, enabling an unauthenticated attacker to execute arbitrary commands with the SSH daemon’s privileges (potentially root). Affected OTP versions include OTP-27.3.2?3, OTP-2...
CVE-2023-20046
Cisco StarOS Software contains a vulnerability in the key-based SSH authentication feature that could let an authenticated, low-privilege SSH key grant an attacker login as a high-privileged user. The issue stems from insufficient validation of user-supplied credentials, enabling privilege escala...
CVE-2019-1869
CVE-2019-1869 concerns Cisco StarOS running on virtual platforms. The issue is a logic error in the internal packet-processing path that, under certain traffic conditions, could allow an unauthenticated, remote attacker to cause the affected device to stop processing traffic on an interface, resu...
CVE-2013-0149
CVE-2013-0149: The OSPF implementation in Cisco IOS (12.0–12.4, 15.0–15.3), IOS-XE 2.x–3.9.xS, ASA/PIX 7.x–9.1, FWSM, NX-OS, and StarOS before 14.0.50488 fails to properly validate LSA type 1 packets before updating the LSA database, enabling remote attackers to cause a denial of service (routing...
CVE-2019-16026
Cisco CVE-2019-16026 affects the SCTP implementation in Cisco Mobility Management Entity (MME). Affected component: SCTP input validation in MME could be exploited by a remote attacker in a MITM position between the eNodeB and the MME to send a crafted SCTP message, causing the MME to stop sendin...
CVE-2022-20665
CVE-2022-20665 is a Cisco StarOS command-injection vulnerability in the CLI. It arises from insufficient input validation of CLI commands, enabling an authenticated, local attacker with administrative credentials to execute arbitrary code with root privileges on an affected device. Exploitation w...
CVE-2020-3601
CVE-2020-3601 affects Cisco StarOS on ASR 5000 Series Routers. The vulnerability arises from insufficient input validation in the CLI, enabling an authenticated, local attacker with administrative credentials to execute arbitrary code with root privileges. Reports describe privilege escalation by...
CVE-2021-1539
CVE-2021-1539 concerns multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) that allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. The issue stems from weaknesses in the authoriza...
CVE-2021-1378
Cisco StarOS Denial of Service via SSH: a logic error under specific traffic conditions can allow unauthenticated, remote attackers to craft packets to stop processing traffic, causing DoS. Affected: Cisco StarOS SSH service; Vector: network, low complexity, no authentication. Impact: targeted se...
CVE-2021-1540
CVE-2021-1540 concerns Cisco ASR 5000 Series Software (StarOS). The advisory describes multiple vulnerabilities in the authorization process that could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. The issue is tied to ...
CVE-2020-3602
CVE-2020-3602 affects Cisco StarOS on Cisco ASR 5000 Series routers. The issue stems from insufficient input validation in the CLI, allowing an authenticated, local attacker with valid credentials to craft CLI commands and execute arbitrary code with root privileges. Documents consistently descri...
CVE-2018-0369
CVE-2018-0369 is a Cisco StarOS DoS vulnerability in the IPv4 fragment reassembly logic. An unauthenticated, remote attacker can trigger a reload of the npusim process by sending malformed fragmented IPv4 packets with options, causing all four npusim instances to restart and drop queued traffic d...
CVE-2021-1145
CVE-2021-1145 affects Cisco StarOS for the Cisco ASR 5000 Series Routers. The vulnerability is due to insecure handling of symbolic links in Secure FTP (SFTP); with valid credentials, an authenticated attacker could read arbitrary files on the device by sending a crafted SFTP command. Cisco’s adv...
CVE-2020-3500
CVE-2020-3500 affects Cisco StarOS IPv6 handling. The vulnerability arises from insufficient validation of incoming IPv6 traffic in StarOS, allowing an unauthenticated, remote attacker to trigger a DoS by sending crafted IPv6 packets, causing the device to reload. IPv4 traffic is unaffected. Conn...
CVE-2018-0239
The CVE-2018-0239 issue affects Cisco ASR 5700 Series devices and VPC System Software running StarOS. It stems from improper verification of transmitted packet length against NIC maximums in the egress path, allowing unauthenticated remote attackers to trigger an Interface Forwarding Denial of Se...
CVE-2020-3244
Cisco ASR 5000 Series Aggregation Services Routers contain an input validation flaw in the Enhanced Charging Service (ECS) feature that allows an unauthenticated, remote attacker to bypass traffic classification rules by sending a malformed HTTP request. The impact is the ability to avoid chargin...
CVE-2017-6707
CVE-2017-6707 affects Cisco StarOS CLI on ASR 5000/5500/5700 series and Cisco VPC Software. The issue stems from improper sanitization of CLI commands before they are inserted into Linux shell commands, allowing an authenticated local attacker to break out of the StarOS CLI and execute arbitrary ...
CVE-2021-1353
Cisco StarOS IPv4 DoS (CVE-2021-1353): memory leak in IPv4 packet processing allows unauthenticated remote attackers to exhaust memory and trigger npusim restarts, causing DoS. Affected: Cisco StarOS. Exploit involves sending crafted IPv4 packets. Remediation: Cisco has released software updates;...
CVE-2018-0115
Cisco StarOS CLI Command Injection (CVE-2018-0115) affects Cisco ASR 5000 Series routers. A vulnerability in the StarOS CLI allows an authenticated local attacker to inject commands and execute arbitrary commands with root privileges due to insufficient input validation. Exploitation requires val...
CVE-2018-0224
CVE-2018-0224 concerns a vulnerability in the Cisco StarOS CLI for Cisco ASR 5000 Series Aggregation Services Routers. The flaw stems from insufficient validation of user-supplied input in the StarOS operating system, allowing an authenticated, local attacker to inject malicious arguments into a ...
CVE-2018-0273
Cisco StarOS IPsec Manager on ASR 5000 and VPC is affected by CVE-2018-0273 due to improper handling of corrupted IKEv2 messages. An unauthenticated, remote attacker could trigger ipsecmgr to reload, terminating all active IPsec VPN tunnels and preventing new ones until the service restarts (DoS)...
CVE-2018-0122
CVE-2018-0122 is a Cisco StarOS CLI vulnerability on Cisco ASR 5000 Series where insufficient input validation in a vulnerable CLI command can allow an authenticated, local attacker with valid admin credentials to overwrite or modify arbitrary files stored in flash memory. The issue stems from im...
CVE-2017-3865
Cisco StarOS for ASR 5000 Series Routers/IPsec VPN DoS (CVE-2017-3865) arises from improper processing of IKE messages, triggering ipsecmgr reload and terminating all active IPsec tunnels, preventing new ones. Affected: ASR 5000 Series Routers, VPC Software. Root cause: IPsec component mishandlin...
CVE-2015-0711
The CVE-2015-0711 issue affects Cisco StarOS (ASR 5000) with hamgr in the IPv6 Proxy Mobile (PM) implementation (Cisco StarOS 18.1.0.59776). The root cause is improper processing of malformed IPv6 PM packets in the hamgr service, enabling a remote attacker to cause a denial of service via a servi...
CVE-2015-0712
Cisco StarOS for ASR 5000 Series (12.0, 12.2(300), 14.0, 14.0(600)) uses a vulnerable session-manager service that can be remotely triggered to reload, causing DoS via malformed HTTP packets (Bug CSCud14217). Affected devices process HTTP at the session-manager, and the issue’s exploitation leads...