CVE-2020-3601

Name of the Vulnerable Software and Affected Versions Cisco StarOS operating system for Cisco ASR 5000 Series Routers (affected versions not specified)

Description The issue is related to insufficient input validation of CLI commands, which could allow an authenticated, local attacker to elevate privileges on an affected device. An attacker could exploit this by sending crafted commands to the CLI, potentially executing arbitrary code with the privileges of the root user. The attacker would need valid administrative credentials on the affected device to exploit this issue.

Recommendations To resolve the issue, update the Cisco StarOS operating system to a version that includes the fix for the insufficient input validation of CLI commands. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation. Avoid using the CLI for administrative tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.