First published: Fri Feb 19 2016(Updated: )
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco ASR 5000 Series Software | =16.5.2 | |
Cisco ASR 5000 Series Software | =17.7.0 | |
Cisco ASR 5000 Series Software | =18.4.0 | |
Cisco ASR 5000 Series Software | =19.0.1 | |
Cisco ASR 5000 Series Software | =19.3.0 | |
Cisco ASR 5000 Series Software | =20.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.