Staros@* Security Vulnerabilities and Issues — Staros@* CVE List

Lucene search

CiscoStaros*

16 matches found

CVE•added 2025/04/16 10:15 p.m.•547 views

CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor c...

10CVSS9.9AI score0.56251EPSS

CVE•added 2023/05/09 6:15 p.m.•442 views

CVE-2023-20046

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerabi...

8.8CVSS8.7AI score0.00554EPSS

CVE•added 2019/06/20 3:15 a.m.•226 views

CVE-2019-1869

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerabili...

8.6CVSS7.9AI score0.00482EPSS

CVE•added 2020/01/26 5:15 a.m.•124 views

CVE-2019-16026

A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is ...

6.8CVSS6.1AI score0.00698EPSS

CVE•added 2022/04/06 7:15 p.m.•81 views

CVE-2022-20665

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A suc...

7.2CVSS6.7AI score0.00152EPSS

CVE•added 2020/10/08 5:15 a.m.•65 views

CVE-2020-3601

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerabi...

7.2CVSS6.1AI score0.00114EPSS

CVE•added 2021/02/17 5:15 p.m.•61 views

CVE-2021-1378

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific t...

7.5CVSS6.3AI score0.00155EPSS

CVE•added 2020/10/08 5:15 a.m.•59 views

CVE-2020-3602

7.2CVSS6.8AI score0.00125EPSS

CVE•added 2021/06/04 5:15 p.m.•59 views

CVE-2021-1539

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

8.8CVSS8.3AI score0.00285EPSS

CVE•added 2020/08/17 6:15 p.m.•56 views

CVE-2020-3500

A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability b...

8.6CVSS7.1AI score0.0029EPSS

CVE•added 2018/07/16 5:29 p.m.•55 views

CVE-2018-0369

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim proces...

8.6CVSS8.2AI score0.00662EPSS

CVE•added 2021/06/04 5:15 p.m.•55 views

CVE-2021-1540

8.1CVSS7.5AI score0.00261EPSS

CVE•added 2020/06/18 3:15 a.m.•53 views

CVE-2020-3244

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of u...

5.3CVSS5.4AI score0.00418EPSS

CVE•added 2021/01/13 10:15 p.m.•52 views

CVE-2021-1145

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulner...

6.5CVSS6.4AI score0.00262EPSS

CVE•added 2021/01/20 8:15 p.m.•48 views

CVE-2021-1353

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerabil...

8.6CVSS6.9AI score0.00521EPSS

CVE•added 2018/01/18 6:29 a.m.•40 views

CVE-2018-0115

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplie...

7.2CVSS6.8AI score0.00109EPSS