Vulnerabilites related to cisco - ultra_cloud_core
Vulnerability from fkie_nvd
Published
2022-04-06 19:15
Modified
2024-11-21 06:43
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F37CB900-E6A6-404E-A212-100794776D72",
"versionEndExcluding": "21.22.n6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F638F13-D4D3-4606-ADDD-FE0835BFB0A4",
"versionEndExcluding": "21.23.n7",
"versionStartIncluding": "21.23.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E7750F-09A7-4885-A2B4-61C8FD2A73B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la CLI de Cisco StarOS podr\u00eda permitir a un atacante local autenticado elevar los privilegios en un dispositivo afectado. Esta vulnerabilidad es debido a que no ha sido comprobado suficientemente la entrada de los comandos de la CLI. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de comandos dise\u00f1ados a la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con los privilegios del usuario root. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales administrativas v\u00e1lidas en un dispositivo afectado"
}
],
"id": "CVE-2022-20665",
"lastModified": "2024-11-21T06:43:16.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-06T19:15:07.947",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-16 22:15
Modified
2025-07-30 19:24
Severity ?
Summary
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
References
Impacted products
{
"cisaActionDue": "2025-06-30",
"cisaExploitAdd": "2025-06-09",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E83BFB53-C1CC-4F9E-9794-EE0057EE770B",
"versionEndExcluding": "25.3.2.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4842AC3A-E1AE-491A-AFCE-F3669397CA82",
"versionEndExcluding": "26.2.5.11",
"versionStartIncluding": "26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36383ED9-EA7D-4AFF-B2C7-1FFD16207C54",
"versionEndExcluding": "27.3.3",
"versionStartIncluding": "27.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD911AA-C8F6-4109-A3B4-602AEAF2C77D",
"versionEndExcluding": "7.7.19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6F7512-CAC2-42DE-B150-D56AE6F78053",
"versionEndExcluding": "8.1.16.2",
"versionStartIncluding": "8.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F1269B5-554F-42E0-95A1-BD22C5C23309",
"versionEndExcluding": "8.2.11.1",
"versionStartIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1C890C-D8CA-45FB-B70E-3960B0E9D41B",
"versionEndExcluding": "8.3.8.1",
"versionStartIncluding": "8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37F31D4A-E5B4-4ED3-BE3C-07FFA0F4D689",
"versionEndExcluding": "8.4.4.1",
"versionStartIncluding": "8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C911AA6C-9CD2-48F5-BC9B-A2D1AACEED03",
"versionEndExcluding": "5.7.19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A800C1C-CED2-4D88-ADD3-1705DF8D1611",
"versionEndExcluding": "6.1.16.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C18189F-8645-4801-9217-B7A1E3539F89",
"versionEndExcluding": "6.2.11.1",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4EF3D5-5633-4C99-B4AE-360A2A3B985B",
"versionEndExcluding": "6.3.8.1",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "553AEE68-3FBE-453B-BD12-03FAF3BA6F2C",
"versionEndExcluding": "6.4.1.1",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCC5384-91EF-44D6-908B-CC019036273A",
"versionEndExcluding": "6.4.4.1",
"versionStartIncluding": "6.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:cloud_native_broadband_network_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F813EFB7-F2E8-4E36-BBF3-1FA1C2CB6035",
"versionEndExcluding": "2025.03.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:inode_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1A6D3F-C7B9-415B-AE44-A263BFAA8B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D14D75E9-5247-4D0F-A92E-10821629089D",
"versionEndExcluding": "25.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_packet_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25BC4E65-0344-45F3-8570-CEBEAA26D302",
"versionEndExcluding": "2025.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_services_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "378484EF-6E71-4D73-8864-538A869F8D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDADC228-B7DA-405D-B704-4E6198D4308E",
"versionEndExcluding": "2025.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:optical_site_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A91EBA2-5C6A-43D1-9657-E0B0B2D214F4",
"versionEndExcluding": "25.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ncs_2000_shelf_virtualization_orchestrator_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FBA50A5-A1E7-41C4-AC8C-19A2393ACF89",
"versionEndExcluding": "25.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_2000_shelf_virtualization_orchestrator_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66F36B9-0E4E-4AE0-9102-9B963C5E67D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B41BD0FB-372F-418B-A453-232D04C7C055",
"versionEndExcluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41890CCA-16A7-429C-8A31-F467141171A7",
"versionEndExcluding": "2025.03.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv160w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C81717-86CA-4B78-B60B-1ABEA71D0243",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv260_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B9D17F-A3E5-498D-9AE1-11915FEF8B3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFC99C1-954E-408B-8A08-C79941350F05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv160_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D5DF69-3106-40B4-9DEA-1655EC394E01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv260p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA3E845-95EC-4CAD-8105-2348F8D58E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv260w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33291CE9-C896-4798-BAD3-5ACA2A412E92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95737F9F-1779-4AAB-875E-2CD586A8B780",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv340_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA54684-D12C-4050-AFD3-A1A3E2B6585F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv340w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7440DB48-9ACC-4D14-A042-12946145AB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv345_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DBB708-31C2-499B-B6DC-2DC3501F2FDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv345p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26BE8976-95F2-41DB-A76B-E67CF07DF500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules."
},
{
"lang": "es",
"value": "Erlang/OTP es un conjunto de librer\u00edas para el lenguaje de programaci\u00f3n Erlang. En versiones anteriores a OTP-27.3.3, OTP-26.2.5.11 y OTP-25.3.2.20, un servidor SSH pod\u00eda permitir a un atacante realizar una ejecuci\u00f3n remota de c\u00f3digo (RCE) sin autenticaci\u00f3n. Al explotar una falla en la gesti\u00f3n de mensajes del protocolo SSH, un atacante podr\u00eda obtener acceso no autorizado a los sistemas afectados y ejecutar comandos arbitrarios sin credenciales v\u00e1lidas. Este problema est\u00e1 corregido en las versiones OTP-27.3.3, OTP-26.2.5.11 y OTP-25.3.2.20. Una soluci\u00f3n temporal consiste en deshabilitar el servidor SSH o impedir el acceso mediante reglas de firewall."
}
],
"id": "CVE-2025-32433",
"lastModified": "2025-07-30T19:24:19.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-04-16T22:15:14.373",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit"
],
"url": "https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2022-20665 (GCVE-0-2022-20665)
Vulnerability from cvelistv5
Published
2022-04-06 18:13
Modified
2024-11-06 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco ASR 5000 Series Software |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:17:52.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220303 Cisco StarOS Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T16:00:18.481701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:28:29.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ASR 5000 Series Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-06T18:13:40",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220303 Cisco StarOS Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
}
],
"source": {
"advisory": "cisco-sa-staros-cmdinj-759mNT4n",
"defect": [
[
"CSCvz22969"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco StarOS Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-03-03T00:00:00",
"ID": "CVE-2022-20665",
"STATE": "PUBLIC",
"TITLE": "Cisco StarOS Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ASR 5000 Series Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.0",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220303 Cisco StarOS Command Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n"
}
]
},
"source": {
"advisory": "cisco-sa-staros-cmdinj-759mNT4n",
"defect": [
[
"CSCvz22969"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20665",
"datePublished": "2022-04-06T18:13:41.066151Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:28:29.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32433 (GCVE-0-2025-32433)
Vulnerability from cvelistv5
Published
2025-04-16 21:34
Modified
2025-08-20 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-25T23:03:01.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32433",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-06-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T03:55:58.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-09T00:00:00+00:00",
"value": "CVE-2025-32433 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "otp",
"vendor": "erlang",
"versions": [
{
"status": "affected",
"version": "\u003e= OTP-27.0-rc1, \u003c OTP-27.3.3"
},
{
"status": "affected",
"version": "\u003e= OTP-26.0-rc1, \u003c OTP-26.2.5.11"
},
{
"status": "affected",
"version": "\u003c OTP-25.3.2.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T21:34:37.457Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2"
},
{
"name": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
},
{
"name": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
},
{
"name": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
}
],
"source": {
"advisory": "GHSA-37cp-fgq5-7wc2",
"discovery": "UNKNOWN"
},
"title": "Erlang/OTP SSH Vulnerable to Pre-Authentication RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32433",
"datePublished": "2025-04-16T21:34:37.457Z",
"dateReserved": "2025-04-08T10:54:58.368Z",
"dateUpdated": "2025-08-20T03:55:58.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}