Cisco Staros vulnerabilities

CVE-2025-32433 [CRITICAL] CWE-306 CVE-2025-32433: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems a

CVE-2023-20046 [HIGH] CWE-289 CVE-2023-20046: A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an af

CVE-2022-20665 [MEDIUM] CWE-77 CVE-2022-20665: A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate p A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute a

CVE-2021-1539 [HIGH] CWE-863 CVE-2021-1539: Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) cou Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1540 [HIGH] CWE-863 CVE-2021-1540: Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) cou Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1378 [MEDIUM] CWE-400 CVE-2021-1378: A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticat A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vuln

CVE-2021-1353 [MEDIUM] CWE-401 CVE-2021-1353: A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets throug

CVE-2021-1145 [MEDIUM] CWE-61 CVE-2021-1145: A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could all A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links.

CVE-2020-3602 [MEDIUM] CWE-20 CVE-2020-3602: A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successfu

CVE-2020-3601 [MEDIUM] CWE-20 CVE-2020-3601: A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successfu

CVE-2020-3500 [MEDIUM] CWE-119 CVE-2020-3500: A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote at A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device

CVE-2020-3244 [MEDIUM] CWE-20 CVE-2020-3244: A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggreg A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attack

CVE-2019-16026 [MEDIUM] CWE-20 CVE-2019-16026: A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mo A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic.

CVE-2019-1869 [HIGH] CWE-824 CVE-2019-1869: A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific

CVE-2018-0369 [HIGH] CWE-20 CVE-2018-0369: A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtu A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handli

CVE-2018-0239 [HIGH] CWE-20 CVE-2018-0239: A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system f A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manu

CVE-2018-0273 [MEDIUM] CWE-399 CVE-2018-0273: A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 500 A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition

CVE-2018-0224 [MEDIUM] CWE-77 CVE-2018-0224: A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregatio A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating syste

CVE-2018-0122 [MEDIUM] CWE-20 CVE-2018-0122: A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregatio A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating syst

CVE-2017-6707 [HIGH] CWE-78 CVE-2017-6707: A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5 A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Li