CVE-2018-0217 — MEDIUM (6.7)

Vulnerability Description

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Asr 5000 Firmware	21.3.0.67664
Cisco	Asr 5000	-
Cisco	Asr 5700 Firmware	21.3.0.67664
Cisco	Asr 5700	-
Cisco	Asr 5500 Firmware	21.3.0.67664
Cisco	Asr 5500	-

Related Weaknesses (CWE)

CWE-78 CWE-77

References

http://www.securityfocus.com/bid/103346Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040466Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/103346Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040466Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2018-0217?

CVE-2018-0217 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attac...

How severe is CVE-2018-0217?

CVE-2018-0217 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0217?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Asr 5000 Firmware, Cisco Asr 5000, Cisco Asr 5700 Firmware, Cisco Asr 5700, Cisco Asr 5500 Firmware.