CVE-2021-1540

Published: Jun 4, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (7)

Products: Cisco: Staros, Virtualized Packet Core

Cisco

2 products

Staros

Virtualized Packet Core

Configuration A

6 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Cisco Staros	Before 21.16.9
Cisco Staros	From 21.17.0 to 21.17.10
Cisco Staros	From 21.18.0 to 21.18.16
Cisco Staros	From 21.19.0 to 21.19.11
Cisco Staros	From 21.19.n to 21.19.n7
Cisco Staros	From 21.20.0 to 21.20.8

Running on/with	Platform Versions
Cisco Asr 5000	All versions
Cisco Asr 5500	All versions
Cisco Asr 5700	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Virtualized Packet Core	All versions

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.