Authorization bypass in Cisco ASR 5000 Series Software
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-1539 CVE-2021-1540 |
| CWE-ID | CWE-285 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco Virtualized Packet Core Client/Desktop applications / Virtualization software Cisco StarOS Operating systems & Components / Operating system Cisco ASR 5000 Series Hardware solutions / Firmware |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Authorization
EUVDB-ID: #VU53746
Risk: Medium
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1539
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to the system.
The vulnerability exists in the authorization process of Cisco ASR 5000 Series Software (StarOS) due to incorrect authorization of non-interactive CLI commands. A remote authenticate user can bypass TACACS authorization by sending a crafted Secure Shell (SSH) request to an affected device and execute a certain CLI commands.
Successful exploitation of the vulnerability may result in unauthorized access to sensitive information or denial of service condition.
Install updates from vendor's website.
Vulnerable software versionsCisco Virtualized Packet Core: All versions
Cisco StarOS: before 21.16.9
CPE2.3- cpe:2.3:a:cisco_systems:cisco_virtualized_packet_core:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_staros:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu85001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authorization
EUVDB-ID: #VU53747
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1540
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to the system.
The vulnerability exists due to incorrect authorization of non-interactive CLI commands in the authorization process of Cisco ASR 5000 Series Software (StarOS). A remote authenticated user can send a specially crafted SSH request to an affected device, bypass the nocli option and execute certain CLI commands.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco ASR 5000 Series: All versions
Cisco Virtualized Packet Core: All versions
Cisco StarOS: before 21.16.9
CPE2.3- cpe:2.3:h:cisco_systems:cisco_asr_5000_series:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_virtualized_packet_core:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_staros:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv33622
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
