CVE-2021-1540

CWE-863Incorrect Authorization4 documents4 sources
Severity
7.2HIGH
EPSS
0.3%
top 50.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco StarosCisco Cisco ASR 5000 Series Software
Timeline
PublishedJun 4
Latest updateMay 24

Description

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDcisco/staros21.17.021.17.10+5

🔴Vulnerability Details

2
GHSA
GHSA-f834-hxf4-wmxm: Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypa2022-05-24
CVEList
Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities2021-06-04

📋Vendor Advisories

1
Cisco
Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities2021-06-02
CVE-2021-1540 (HIGH CVSS 7.2) | Multiple vulnerabilities in the aut | cvebase.io