CVE-2023-20046
First published: Tue May 09 2023(Updated: )
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco StarOS | <21.22.14 | |
| Cisco StarOS | >=21.23.0<21.23.31 | |
| Cisco StarOS | >=21.25.0<21.25.15 | |
| Cisco StarOS | >=21.26.0<21.26.17 | |
| Cisco StarOS | >=21.27.0<21.27.6 | |
| Cisco StarOS | >=21.28.0<21.28.3 | |
| Cisco StarOS | =21.23.n | |
| Cisco StarOS | =21.24 | |
| Cisco StarOS | =21.27.m | |
| Cisco StarOS | =21.28.m | |
| Cisco ASR 5000 | ||
| Cisco ASR 5500 | ||
| Cisco Asr 5700 | ||
| Cisco Vpc-di | ||
| Cisco Vpc-si | ||
| All of | ||
| Any of | ||
| Cisco StarOS | <21.22.14 | |
| Cisco StarOS | >=21.23.0<21.23.31 | |
| Cisco StarOS | >=21.25.0<21.25.15 | |
| Cisco StarOS | >=21.26.0<21.26.17 | |
| Cisco StarOS | >=21.27.0<21.27.6 | |
| Cisco StarOS | >=21.28.0<21.28.3 | |
| Cisco StarOS | =21.23.n | |
| Cisco StarOS | =21.24 | |
| Cisco StarOS | =21.27.m | |
| Cisco StarOS | =21.28.m | |
| Any of | ||
| Cisco ASR 5000 | ||
| Cisco ASR 5500 | ||
| Cisco Asr 5700 | ||
| Cisco Vpc-di | ||
| Cisco Vpc-si |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-20046?
CVE-2023-20046 is a vulnerability in the key-based SSH authentication feature of Cisco StarOS Software that allows an authenticated, remote attacker to elevate privileges on an affected device.
How does CVE-2023-20046 occur?
CVE-2023-20046 occurs due to insufficient validation of user-supplied credentials in the key-based SSH authentication feature of Cisco StarOS Software.
What is the severity of CVE-2023-20046?
CVE-2023-20046 has a severity rating of 8.8, which is considered high.
Which software is affected by CVE-2023-20046?
Cisco StarOS Software versions 21.22.14 up to 21.28.3 are affected by CVE-2023-20046.
How can I find more information about CVE-2023-20046?
For more information about CVE-2023-20046, you can refer to the following references: [GitHub Advisory](https://github.com/orangecertcc/security-research/security/advisories/GHSA-j7p3-gjw6-pp4r) and [Cisco Security Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco staros
- version/cisco staros/21.23.0
- version/cisco staros/21.25.0
- version/cisco staros/21.26.0
- version/cisco staros/21.27.0
- version/cisco staros/21.28.0
- version/cisco staros/21.23.n
- version/cisco staros/21.24
- version/cisco staros/21.27.m
- version/cisco staros/21.28.m
- canonical/cisco asr 5000
- canonical/cisco asr 5500
- canonical/cisco asr 5700
- canonical/cisco vpc-di
- canonical/cisco vpc-si