PT-2023-2547 · Cisco · Cisco StarOS

Adrien Mourier · Published 2023-04-19 · Updated 2024-01-25 · CVE-2023-20046

CVSS v2.0: 9.0 (High) · Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco StarOS Software (affected versions not specified)
Description: The issue arises from insufficient validation of user-supplied credentials in the key-based SSH authentication feature of Cisco StarOS Software. An authenticated remote attacker (the vector's Au:S) could elevate privileges on an affected device by presenting a valid but low-privileged SSH key from a host whose IP address is configured as the source for a high-privileged user account: the key is accepted for the high-privileged account even though it belongs to a low-privileged one. A successful exploit allows the attacker to log in to the affected device through SSH as the high-privileged user.
Recommendations: Workarounds that address this vulnerability exist, but their specific details are not provided here. Until a fix can be applied, restrict which hosts can reach the SSH service on the device, and review the source-IP-to-account mappings so that hosts that hold only low-privileged keys are not configured as sources for high-privileged accounts, since the attack requires exactly that combination. At the moment there is no information about a newer version that contains a fix for this vulnerability.
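The following is an added illustrative model, not StarOS source code and not code from this advisory. It reproduces the authorization flaw described above in a small Python function (the presented key is checked against every key the device knows rather than against the keys of the account being requested) and places the corrected check beside it. Account names, privilege labels, IP addresses and the key fingerprints are constructed placeholders, and the per-account source-IP list is an assumption made to model the "IP address configured as the source for a high-privileged user account" condition.

```python
"""Illustrative model of CVE-2023-20046's authorization flaw (not StarOS code).

The device is modelled as keeping, per account, a set of authorized key
fingerprints and a set of source IPs permitted to log in as that account.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    privilege: str                                   # constructed label, e.g. "admin"
    authorized_keys: set = field(default_factory=set)  # key fingerprints (constructed)
    source_ips: set = field(default_factory=set)       # hosts allowed to log in as this account


# Constructed sample configuration: 10.0.0.5 is listed as a source for both the
# high-privileged "admin" account and the low-privileged "operator" account.
ACCOUNTS = {
    "admin": Account("admin", "admin", {"SHA256:ADMINKEY"}, {"10.0.0.5"}),
    "operator": Account("operator", "operator", {"SHA256:OPERKEY"}, {"10.0.0.5", "10.0.0.9"}),
}


def all_known_fingerprints():
    """Union of every authorized key on the device (the set the flawed check uses)."""
    known = set()
    for acct in ACCOUNTS.values():
        known |= acct.authorized_keys
    return known


def vulnerable_login(src_ip, key_fp, requested_user):
    """Flawed check: the key only has to be valid for *some* account.

    Returns the privilege granted, or None if login is refused.
    """
    acct = ACCOUNTS.get(requested_user)
    if acct is None:
        return None
    if src_ip not in acct.source_ips:
        return None
    # Insufficient validation: the key is never bound to the requested account.
    if key_fp not in all_known_fingerprints():
        return None
    return acct.privilege


def hardened_login(src_ip, key_fp, requested_user):
    """Corrected check: the key must be one authorized for the requested account."""
    acct = ACCOUNTS.get(requested_user)
    if acct is None:
        return None
    if src_ip not in acct.source_ips:
        return None
    if key_fp not in acct.authorized_keys:
        return None
    return acct.privilege


if __name__ == "__main__":
    # Attacker holds only the operator key but connects from the admin's source host.
    print("vulnerable:", vulnerable_login("10.0.0.5", "SHA256:OPERKEY", "admin"))
    print("hardened:  ", hardened_login("10.0.0.5", "SHA256:OPERKEY", "admin"))
```

Running the model shows the flawed function granting "admin" to a client that presents only the operator key from 10.0.0.5, while the hardened function refuses it; the same operator key from 10.0.0.9, a host not configured as a source for "admin", is refused by both, which is why the recommendation above concentrates on the source-IP-to-account mappings.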

Weakness Enumeration

Insufficiently Protected Credentials (CWE-522)

Related Identifiers

BDU:2023-02354
CVE-2023-20046

Affected Products

Cisco StarOS