CVE-2016-1335

Published: Feb 19, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.

Affected (6)

Products: Cisco: Asr 5000 Series Software

Cisco

1 product

Asr 5000 Series Software

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Cisco Asr 5000 Series Software	Version 16.5.2
Cisco Asr 5000 Series Software	Version 17.7.0
Cisco Asr 5000 Series Software	Version 18.4.0
Cisco Asr 5000 Series Software	Version 19.0.1
Cisco Asr 5000 Series Software	Version 19.3.0
Cisco Asr 5000 Series Software	Version 20.0.0

Related CWEs

CWE-264

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1035062

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1035062

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.