The SSH implementation in Cisco StarOS prior to 19.3.M0.62771 and 20.x prior to 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco asr 5000 series software 20.0.0 |
||
cisco asr 5000 series software 16.5.2 |
||
cisco asr 5000 series software 19.3.0 |
||
cisco asr 5000 series software 19.0.1 |
||
cisco asr 5000 series software 18.4.0 |
||
cisco asr 5000 series software 17.7.0 |