CVE-2021-1145

CWE-61CWE-594 documents4 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 51.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco StarosCisco Cisco ASR 5000 Series Software
Timeline
PublishedJan 13
Latest updateMay 24

Description

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacke

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/staros< 21.19.7

🔴Vulnerability Details

2
GHSA
GHSA-4hw8-23gq-m2qg: A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbit2022-05-24
CVEList
Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability2021-01-13

📋Vendor Advisories

1
Cisco
Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability2021-01-13
CVE-2021-1145 (MEDIUM CVSS 6.5) | A vulnerability in the Secure FTP ( | cvebase.io