PT-2016-1472 · Cisco · Cisco Staros

Published

2016-02-19

Updated

2016-08-04

CVE-2016-1335

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco StarOS versions prior to 19.3.M0.62771 Cisco StarOS versions 20.x prior to 20.0.M0.62768

Description The issue is related to the SSH implementation in Cisco StarOS, which mishandles a multi-user public-key authentication configuration. This allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection.

Recommendations For Cisco StarOS versions prior to 19.3.M0.62771, update to version 19.3.M0.62771 or later. For Cisco StarOS versions 20.x prior to 20.0.M0.62768, update to version 20.0.M0.62768 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2016-00773

CVE-2016-1335

Affected Products

Cisco Staros

PT-2016-1472 · Cisco · Cisco Staros

CVE-2016-1335

Weakness Enumeration

Related Identifiers

Affected Products

References · 5