Cisco ASR 5000 Series Router StartOS CLI Input Validation Flaw Lets Local Users Obtain Root Privileges
|
SecurityTracker Alert ID: 1040239 |
SecurityTracker URL: http://securitytracker.com/id/1040239
|
CVE Reference:
CVE-2018-0115
(Links to External Site)
|
Date: Jan 18 2018
|
Impact:
Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5000 Series
|
Description:
A vulnerability was reported in Cisco ASR 5000 Series Router. A local user can obtain root privileges on the target system.
A local user can supply specially crafted arguments to trigger an input validation flaw in the Cisco StarOS command line interface and execute arbitrary commands on the target system with root privileges.
The vendor has assigned bug ID CSCvf93332 to this vulnerability.
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
The vendor has issued a fix.
The vendor advisory is available at:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros
|
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros (Links to External Site)
|
Cause:
Input validation error
|
|
Message History:
None.
|
Source Message Contents
|
Subject: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros
|
|
|