PT-2021-1769 · Cisco · Cisco Staros

Published

2021-01-13

Updated

2021-01-20

CVE-2021-1145

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cisco StarOS for Cisco ASR 5000 Series Routers (affected versions not specified)

Description: The issue is related to insecure handling of symbolic links in the Secure FTP (SFTP) implementation of Cisco StarOS for Cisco ASR 5000 Series Routers. This could allow an authenticated, remote attacker to read arbitrary files on an affected device by sending a crafted SFTP command. The attacker would need to have valid credentials on the affected device to exploit this issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-61

Related Identifiers

BDU:2021-00472

CVE-2021-1145

Affected Products

Cisco Staros

PT-2021-1769 · Cisco · Cisco Staros

CVE-2021-1145

Weakness Enumeration

Related Identifiers

Affected Products

References · 5