Vulnerabilities > Cisco > Staros > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-06 | CVE-2022-20665 | Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2021-01-13 | CVE-2021-1145 | Link Following vulnerability in Cisco Staros A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. | 6.5 |
| 2020-10-08 | CVE-2020-3602 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2020-10-08 | CVE-2020-3601 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2020-06-18 | CVE-2020-3244 | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. | 5.3 |
| 2020-01-26 | CVE-2019-16026 | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. | 5.9 |
| 2018-04-19 | CVE-2018-0273 | Unspecified vulnerability in Cisco Staros A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. | 5.3 |
| 2018-03-08 | CVE-2018-0224 | OS Command Injection vulnerability in Cisco Staros 21.3.0.67664/21.5.0 A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. | 6.7 |
| 2018-02-08 | CVE-2018-0122 | OS Command Injection vulnerability in Cisco Staros 21.3.0.67664 A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. | 4.4 |
| 2018-01-18 | CVE-2018-0115 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. | 6.7 |