CVE-2021-1540

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:cisco:virtualized_packet_core:-:*:*:*:*:*:*:*

History

14 Jun 2021, 17:56

Type Values Removed Values Added
CWE CWE-863
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.0
v3 : 7.2
CPE cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:virtualized_packet_core:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*

04 Jun 2021, 17:59

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-04 17:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-1540

Mitre link : CVE-2021-1540

CVE.ORG link : CVE-2021-1540


JSON object : View

Products Affected

cisco

  • asr_5000
  • asr_5700
  • asr_5500
  • virtualized_packet_core
  • staros
CWE
CWE-863

Incorrect Authorization