8.1

CVE-2021-1540

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Data is provided by the National Vulnerability Database (NVD)
CiscoStaros Version < 21.16.9
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.17.0 < 21.17.10
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.18.0 < 21.18.16
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.19.0 < 21.19.11
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.19.n < 21.19.n7
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
CiscoStaros Version >= 21.20.0 < 21.20.8
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.26% 0.492
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
psirt@cisco.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.