Vulnerabilities > Cisco > Staros > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-20046 | Insufficiently Protected Credentials vulnerability in Cisco Staros A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. | 8.8 |
| 2021-06-04 | CVE-2021-1539 | Unspecified vulnerability in Cisco Staros Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. | 8.8 |
| 2021-06-04 | CVE-2021-1540 | Unspecified vulnerability in Cisco Staros Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. | 7.2 |
| 2021-02-17 | CVE-2021-1378 | Unspecified vulnerability in Cisco Staros A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. | 7.5 |
| 2021-01-20 | CVE-2021-1353 | Unspecified vulnerability in Cisco Staros A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2020-08-17 | CVE-2020-3500 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Staros A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2019-06-20 | CVE-2019-1869 | Access of Uninitialized Pointer vulnerability in Cisco Staros A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. | 7.5 |
| 2018-07-16 | CVE-2018-0369 | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. | 8.6 |
| 2018-04-19 | CVE-2018-0239 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Staros A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. | 7.5 |
| 2017-07-06 | CVE-2017-6707 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. | 8.2 |