PT-2017-3052 · Cisco · ASR 5700 Series (+5 other affected products)
Published: 2017-03-15 · Updated: 2019-10-03 · CVE-2017-3819
CVSS v2.0 base score: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco StarOS versions after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3, as shipped on Cisco ASR 5000 Series, ASR 5500 Series, and ASR 5700 Series devices
Cisco Virtualized Packet Core - Single Instance (VPC-SI) running StarOS prior to N4.2.7 (19.3.v7)
Cisco Virtualized Packet Core - Distributed Instance (VPC-DI) running StarOS prior to N4.7 (20.2.v0)
Description
The vulnerability lies in the Secure Shell (SSH) subsystem of the StarOS operating system on the Cisco ASR 5000 Series platforms and on Cisco Virtualized Packet Core, and is caused by missing input validation of parameters passed during SSH or SFTP login. An authenticated, remote attacker could exploit it to gain unrestricted root shell access on the device. Exploitation requires valid credentials for an account that can complete an SSH or SFTP login, plus the ability to open a TCP connection to the SSH service (port 22 by default); the vulnerability can be triggered over both IPv4 and IPv6. Because any account that can log in over SSH or SFTP suffices, this is effectively a privilege escalation from a low-privileged login to root, which is why the CVSS vector carries Au:S together with complete confidentiality, integrity, and availability impact.
Recommendations
For Cisco ASR 5000 Series, ASR 5500 Series, and ASR 5700 Series devices running StarOS versions after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3, update to the first fixed release of the corresponding train: 18.7.4, 19.5, or 20.2.3, or later.
For Cisco Virtualized Packet Core - Single Instance (VPC-SI) running StarOS prior to N4.2.7 (19.3.v7), update to N4.2.7 (19.3.v7) or later.
For Cisco Virtualized Packet Core - Distributed Instance (VPC-DI) running StarOS prior to N4.7 (20.2.v0), update to N4.7 (20.2.v0) or later.
As a temporary mitigation until the upgrade is applied, restrict access to the SSH and SFTP service: allow TCP port 22 only from trusted management hosts and limit SSH/SFTP login to the smallest set of accounts that need it. This reduces exposure but does not remove the flaw, since any account that can still log in can exploit it.
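The following Python script is an added example, not part of the original advisory and not Cisco's own tooling. It classifies StarOS version strings against the affected and fixed releases listed above so that a device inventory can be triaged. Assumptions: the mapping of each release train to its first fixed release (18.x to 18.7.4, 19.x to 19.5, 20.x to 20.2.3) is a reading of the advisory wording rather than text quoted from it; VPC-SI and VPC-DI builds are compared on the StarOS release shown in parentheses (19.3.v7 and 20.2.v0); and the inventory records are constructed sample data.

```python
import re

# Release numbers stated in the advisory. Mapping each release train (major
# number) to its first fixed release is an interpretation of "after 17.7.0 and
# prior to 18.7.4, 19.5, and 20.2.3", not a table from the page.
AFFECTED_AFTER = (17, 7, 0)
ASR_FIRST_FIXED = {18: (18, 7, 4), 19: (19, 5, 0), 20: (20, 2, 3)}
# VPC builds are compared on the StarOS release given in parentheses
# (N4.2.7 = 19.3.v7 for VPC-SI, N4.7 = 20.2.v0 for VPC-DI).
VPC_FIRST_FIXED = {"vpc-si": (19, 3, 7), "vpc-di": (20, 2, 0)}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.v?(\d+))?$")


def parse_version(text):
    """Normalize '18.7.4', '19.5' or '19.3.v7' into a comparable 3-tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized StarOS version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def asr_status(version):
    """Classify an ASR 5000/5500/5700 StarOS release for CVE-2017-3819.

    Returns 'unaffected', 'affected', 'fixed', or 'unlisted' (a release train
    the advisory does not mention, so the answer has to come from the vendor).
    """
    v = parse_version(version)
    if v <= AFFECTED_AFTER:
        return "unaffected"
    train = v[0]
    if train < min(ASR_FIRST_FIXED):
        # e.g. 17.7.1: after 17.7.0 and before every listed fixed release, and
        # no fixed 17.x release is named, so a move to a fixed train is needed.
        return "affected"
    fixed = ASR_FIRST_FIXED.get(train)
    if fixed is None:
        return "unlisted"
    return "affected" if v < fixed else "fixed"


def vpc_status(platform, staros_version):
    """Classify a VPC-SI / VPC-DI build by its StarOS release (e.g. '19.3.v7')."""
    fixed = VPC_FIRST_FIXED[platform.lower()]
    return "affected" if parse_version(staros_version) < fixed else "fixed"


def triage(inventory):
    """Return (hostname, status) for every record that still needs action."""
    needs_action = []
    for host, platform, version in inventory:
        if platform.lower().startswith("vpc"):
            status = vpc_status(platform, version)
        else:
            status = asr_status(version)
        if status in ("affected", "unlisted"):
            needs_action.append((host, status))
    return needs_action


# Constructed sample inventory (hypothetical hostnames and versions), not real
# device data.
SAMPLE_INVENTORY = [
    ("pgw-01", "asr5500", "18.7.3"),
    ("pgw-02", "asr5500", "18.7.4"),
    ("sgw-01", "asr5000", "19.4.1"),
    ("ggsn-01", "asr5700", "20.2.3"),
    ("vpc-a", "vpc-si", "19.3.v6"),
    ("vpc-b", "vpc-di", "20.2.v0"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Releases on trains the advisory does not list (for instance 21.x) are reported as `unlisted` rather than guessed at, since the page gives no fixed release for them; treat those hosts as open items until the vendor's fixed-release list confirms their status.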
Weakness class
Missing input validation (the attacker must already authenticate; the flaw is in how login parameters are validated, not in authentication itself)
Affected products
Cisco ASR 5000 Series
Cisco ASR 5500 Series
Cisco ASR 5700 Series
Cisco StarOS
Cisco Virtualized Packet Core - Distributed Instance (VPC-DI)
Cisco Virtualized Packet Core - Single Instance (VPC-SI)