8.8

CVE-2023-20046

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.

 This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.

   There are workarounds that address this vulnerability.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoStaros Version < 21.22.14
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version >= 21.23.0 < 21.23.31
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version >= 21.25.0 < 21.25.15
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version >= 21.26.0 < 21.26.17
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version >= 21.27.0 < 21.27.6
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version >= 21.28.0 < 21.28.3
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version21.23.n
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version21.24
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version21.27.m
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
CiscoStaros Version21.28.m
   CiscoAsr 5000 Version-
   CiscoAsr 5500 Version-
   CiscoAsr 5700 Version-
   CiscoVpc-di Version-
   CiscoVpc-si Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.654
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@cisco.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-289 Authentication Bypass by Alternate Name

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.