Vulnerability Name:

CVE-2017-3819 (CCN-123245)

Assigned:2016-12-21
Published:2017-03-15
Updated:2019-10-03
Summary:A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-306
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2017-3819

Source: BID
Type: Third Party Advisory, VDB Entry
96913

Source: CCN
Type: BID-96913
Cisco StarOS CVE-2017-3819 Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1038050

Source: XF
Type: UNKNOWN
cisco-cve20173819-priv-esc(123245)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20170315-asr
Cisco StarOS SSH Privilege Escalation Vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:asr_5000_series_software:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.0.0.57828:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.0.0.59167:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.0.0.59211:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.0.l0.59219:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.1.0.59776:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.1.0.59780:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.1_base:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.3_base:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:18.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:19.0.m0.60737:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:19.0.m0.60828:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:19.0.m0.61045:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:19.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:19.1.0.61559:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:19.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:19.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:20.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:virtualized_packet_core:v18.0_base:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:virtualized_packet_core:v19.0_base:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:virtualized_packet_core:v20.0_base:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:virtualized_packet_core:20.0_base:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:staros:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_5000:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_5500:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_5700:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco asr 5000 series software 18.0.0
    cisco asr 5000 series software 18.0.0.57828
    cisco asr 5000 series software 18.0.0.59167
    cisco asr 5000 series software 18.0.0.59211
    cisco asr 5000 series software 18.0.l0.59219
    cisco asr 5000 series software 18.1.0
    cisco asr 5000 series software 18.1.0.59776
    cisco asr 5000 series software 18.1.0.59780
    cisco asr 5000 series software 18.1_base
    cisco asr 5000 series software 18.3.0
    cisco asr 5000 series software 18.3_base
    cisco asr 5000 series software 18.4.0
    cisco asr 5000 series software 19.0.1
    cisco asr 5000 series software 19.0.m0.60737
    cisco asr 5000 series software 19.0.m0.60828
    cisco asr 5000 series software 19.0.m0.61045
    cisco asr 5000 series software 19.1.0
    cisco asr 5000 series software 19.1.0.61559
    cisco asr 5000 series software 19.2.0
    cisco asr 5000 series software 19.3.0
    cisco asr 5000 series software 20.0.0
    cisco virtualized packet core v18.0_base
    cisco virtualized packet core v19.0_base
    cisco virtualized packet core v20.0_base
    cisco virtualized packet core 20.0_base
    cisco staros *
    cisco asr 5000 *
    cisco asr 5500 *
    cisco asr 5700 *