var-201602-0067
Vulnerability from variot
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. Because the SSH implementation in StarOS running on Cisco ASR 5000 devices incorrectly handles multi-user public-key authentication settings, there is a vulnerability through which privileges can be obtained. Cisco StarOS on ASR 5000 is an operating system from Cisco Systems Inc. that runs on the 5000 series routers. The vulnerability stems from the fact that the program does not properly handle multi-user public-key authentication configuration. The version bounds above imply that StarOS 19.3.M0.62771 and 20.0.M0.62768 contain the fix; the vendor reference listed in this record is Cisco advisory cisco-sa-20160218-asr.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0067", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "asr 5000 series software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "20.0.0" }, { "model": "asr 5000 series software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "16.5.2" }, { "model": "asr 5000 series software", "scope": 
"eq", "trust": 1.6, "vendor": "cisco", "version": "19.0.1" }, { "model": "asr 5000 series software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "19.3.0" }, { "model": "asr 5000 series software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "17.7.0" }, { "model": "asr 5000 series software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "18.4.0" }, { "model": "asr 5000 series software", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "20.0.m0.62768" }, { "model": "asr 5000 series software", "scope": "lt", "trust": 0.8, "vendor": "cisco", "version": "20.x" }, { "model": "staros on asr 19.3.m0.62771", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "5000\u003c" }, { "model": "staros on asr 20.0.m0.62768", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "5000\u003c" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01313" }, { "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "db": "CNNVD", "id": "CNNVD-201602-390" }, { "db": "NVD", "id": "CVE-2016-1335" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:cisco:asr_5000_series_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001712" } ] }, "cve": "CVE-2016-1335", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, 
"@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2016-1335", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2016-01313", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-90154", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "id": "CVE-2016-1335", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-1335", "trust": 1.0, "value": "HIGH" 
}, { "author": "NVD", "id": "CVE-2016-1335", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-01313", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201602-390", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-90154", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-1335", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01313" }, { "db": "VULHUB", "id": "VHN-90154" }, { "db": "VULMON", "id": "CVE-2016-1335" }, { "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "db": "CNNVD", "id": "CNNVD-201602-390" }, { "db": "NVD", "id": "CVE-2016-1335" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator\u0027s connection, aka Bug ID CSCux22492. Cisco ASR 5000 Run on device StarOS of SSH Because the implementation incorrectly handles multi-user public key authentication settings, there is a vulnerability that can be obtained. The CiscoStarOSonASR5000 is an operating system operated by Cisco Systems Inc. in the 5000 series routers. 
The vulnerability stems from the fact that the program does not properly handle multi-user public-key authentication configuration", "sources": [ { "db": "NVD", "id": "CVE-2016-1335" }, { "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "db": "CNVD", "id": "CNVD-2016-01313" }, { "db": "VULHUB", "id": "VHN-90154" }, { "db": "VULMON", "id": "CVE-2016-1335" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-1335", "trust": 3.2 }, { "db": "SECTRACK", "id": "1035062", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-001712", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201602-390", "trust": 0.7 }, { "db": "BID", "id": "83304", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2016-01313", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-90154", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-1335", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01313" }, { "db": "VULHUB", "id": "VHN-90154" }, { "db": "VULMON", "id": "CVE-2016-1335" }, { "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "db": "CNNVD", "id": "CNNVD-201602-390" }, { "db": "NVD", "id": "CVE-2016-1335" } ] }, "id": "VAR-201602-0067", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2016-01313" }, { "db": "VULHUB", "id": "VHN-90154" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], 
"sources": [ { "db": "CNVD", "id": "CNVD-2016-01313" } ] }, "last_update_date": "2024-11-23T22:42:21.645000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160218-asr", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr" }, { "title": "Patch for CiscoStarOS Privilege Escalation Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/71920" }, { "title": "Cisco ASR 5000 StarOS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60287" }, { "title": "Cisco: Cisco ASR 5000 Series StarOS SSH Subsystem Privilege Escalation Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160218-asr" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01313" }, { "db": "VULMON", "id": "CVE-2016-1335" }, { "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "db": "CNNVD", "id": "CNNVD-201602-390" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-90154" }, { "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "db": "NVD", "id": "CVE-2016-1335" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160218-asr" }, { "trust": 1.2, "url": 
"http://www.securitytracker.com/id/1035062" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1335" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1335" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01313" }, { "db": "VULHUB", "id": "VHN-90154" }, { "db": "VULMON", "id": "CVE-2016-1335" }, { "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "db": "CNNVD", "id": "CNNVD-201602-390" }, { "db": "NVD", "id": "CVE-2016-1335" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-01313" }, { "db": "VULHUB", "id": "VHN-90154" }, { "db": "VULMON", "id": "CVE-2016-1335" }, { "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "db": "CNNVD", "id": "CNNVD-201602-390" }, { "db": "NVD", "id": "CVE-2016-1335" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-26T00:00:00", "db": "CNVD", "id": "CNVD-2016-01313" }, { "date": "2016-02-19T00:00:00", "db": "VULHUB", "id": "VHN-90154" }, { "date": "2016-02-19T00:00:00", "db": "VULMON", "id": "CVE-2016-1335" }, { "date": "2016-03-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "date": "2016-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-390" }, { "date": "2016-02-19T19:59:03.157000", "db": "NVD", "id": "CVE-2016-1335" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-26T00:00:00", "db": "CNVD", "id": "CNVD-2016-01313" }, { "date": "2016-08-04T00:00:00", "db": "VULHUB", "id": "VHN-90154" }, { "date": "2016-08-04T00:00:00", "db": "VULMON", "id": "CVE-2016-1335" }, { "date": 
"2016-03-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001712" }, { "date": "2016-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-390" }, { "date": "2024-11-21T02:46:12.437000", "db": "NVD", "id": "CVE-2016-1335" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-390" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco ASR 5000 Run on device StarOS of SSH Vulnerabilities that can gain privileges in implementation", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001712" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-390" } ], "trust": 0.6 } }