CVE-2018-0122

Name of the Vulnerable Software and Affected Versions: Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers (affected versions not specified)

Description: A vulnerability in the CLI of the Cisco StarOS operating system could allow an authenticated, local attacker to overwrite system files stored in the flash memory of an affected system. The issue is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this by injecting crafted command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to overwrite or modify arbitrary files stored in the flash memory. The attacker would need to authenticate to an affected system using valid administrator credentials.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.