8.8

CVE-2021-1539

Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoStaros Version < 21.16.9
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.17.0 < 21.17.10
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.18.0 < 21.18.16
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.19.0 < 21.19.11
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.19.n < 21.19.n7
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.20.0 < 21.20.8
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.515
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
psirt@cisco.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.