Action not permitted
Modal body text goes here.
Modal Title
Modal Body
fkie_cve-2023-20046
Vulnerability from fkie_nvd
Published
2023-05-09 18:15
Modified
2024-11-21 07:40
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.
There are workarounds that address this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1280E939-FA8A-49E4-AE06-616B152929CF",
"versionEndExcluding": "21.22.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2C7A63-E17A-487D-8CCF-3346FDA2859F",
"versionEndExcluding": "21.23.31",
"versionStartIncluding": "21.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B58A574-77D9-4EC5-9D57-8D244EF7BDB8",
"versionEndExcluding": "21.25.15",
"versionStartIncluding": "21.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9507CCB-0340-40D6-AAF3-D2EA3D3EE408",
"versionEndExcluding": "21.26.17",
"versionStartIncluding": "21.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9F9D50-DA13-410A-9571-6FA9436165E8",
"versionEndExcluding": "21.27.6",
"versionStartIncluding": "21.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "833F9A52-2976-4F2C-AA87-FD50BB83BB3D",
"versionEndExcluding": "21.28.3",
"versionStartIncluding": "21.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:21.23.n:*:*:*:*:*:*:*",
"matchCriteriaId": "CD63EE8D-0389-4589-BF86-0F64A8AEDA13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:21.24:*:*:*:*:*:*:*",
"matchCriteriaId": "A0534E44-1CD6-49CB-A574-D7B2CF14CC25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:21.27.m:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1BBD53-BF16-4841-9D20-D2C4129A337B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:staros:21.28.m:*:*:*:*:*:*:*",
"matchCriteriaId": "47DCE4FD-48D4-4B25-BBAE-24D270627FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:vpc-di:-:*:*:*:*:*:*:*",
"matchCriteriaId": "775B2FC4-E182-47F8-B786-EC6A359BCCE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:vpc-si:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD5A5BE-9B00-4E4F-A4A4-FBEF990F4C39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability."
}
],
"id": "CVE-2023-20046",
"lastModified": "2024-11-21T07:40:25.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-09T18:15:11.697",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-289"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-20046 (GCVE-0-2023-20046)
Vulnerability from cvelistv5
Published
2023-05-09 13:06
Modified
2024-08-02 08:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-289 - Authentication Bypass by Alternate Name
Summary
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.
There are workarounds that address this vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco ASR 5000 Series Software |
Version: 21.11.0 Version: 21.11.1 Version: 21.11.2 Version: 21.11.3 Version: 21.11.10 Version: 21.11.11 Version: 21.11.12 Version: 21.11.13 Version: 21.11.14 Version: 21.11.4 Version: 21.11.5 Version: 21.11.6 Version: 21.11.7 Version: 21.11.8 Version: 21.11.9 Version: 21.11.15 Version: 21.11.16 Version: 21.11.17 Version: 21.11.18 Version: 21.11.19 Version: 21.11.20 Version: 21.11.21 Version: 21.12.0 Version: 21.12.1 Version: 21.12.2 Version: 21.12.3 Version: 21.12.4 Version: 21.12.5 Version: 21.12.6 Version: 21.12.10 Version: 21.12.11 Version: 21.12.12 Version: 21.12.13 Version: 21.12.14 Version: 21.12.16 Version: 21.12.17 Version: 21.12.18 Version: 21.12.7 Version: 21.12.8 Version: 21.12.9 Version: 21.12.19 Version: 21.12.20 Version: 21.12.21 Version: 21.12.22 Version: 21.12.15 Version: 21.13.0 Version: 21.13.1 Version: 21.13.2 Version: 21.13.3 Version: 21.13.4 Version: 21.13.10 Version: 21.13.11 Version: 21.13.12 Version: 21.13.13 Version: 21.13.14 Version: 21.13.15 Version: 21.13.16 Version: 21.13.17 Version: 21.13.18 Version: 21.13.19 Version: 21.13.20 Version: 21.13.5 Version: 21.13.6 Version: 21.13.7 Version: 21.13.8 Version: 21.13.9 Version: 21.13.21 Version: 21.14.0 Version: 21.14.1 Version: 21.14.10 Version: 21.14.11 Version: 21.14.12 Version: 21.14.16 Version: 21.14.17 Version: 21.14.19 Version: 21.14.2 Version: 21.14.20 Version: 21.14.3 Version: 21.14.4 Version: 21.14.5 Version: 21.14.6 Version: 21.14.7 Version: 21.14.8 Version: 21.14.9 Version: 21.14.b12 Version: 21.14.b13 Version: 21.14.b14 Version: 21.14.b15 Version: 21.14.b17 Version: 21.14.b18 Version: 21.14.b19 Version: 21.14.b20 Version: 21.14.b21 Version: 21.14.22 Version: 21.14.b22 Version: 21.14.23 Version: 21.15.0 Version: 21.15.1 Version: 21.15.10 Version: 21.15.11 Version: 21.15.12 Version: 21.15.13 Version: 21.15.14 Version: 21.15.15 Version: 21.15.16 Version: 21.15.17 Version: 21.15.18 Version: 21.15.19 Version: 21.15.2 Version: 21.15.20 Version: 21.15.21 Version: 21.15.22 Version: 21.15.24 Version: 21.15.25 Version: 21.15.26 Version: 21.15.27 Version: 21.15.28 Version: 21.15.29 Version: 21.15.3 Version: 21.15.30 Version: 21.15.32 Version: 21.15.33 Version: 21.15.36 Version: 21.15.37 Version: 21.15.39 Version: 21.15.4 Version: 21.15.40 Version: 21.15.41 Version: 21.15.5 Version: 21.15.6 Version: 21.15.7 Version: 21.15.8 Version: 21.15.43 Version: 21.15.45 Version: 21.15.46 Version: 21.15.47 Version: 21.15.48 Version: 21.15.51 Version: 21.15.52 Version: 21.15.53 Version: 21.15.54 Version: 21.15.55 Version: 21.15.57 Version: 21.15.58 Version: 21.15.59 Version: 21.15.60 Version: 21.16.2 Version: 21.16.3 Version: 21.16.4 Version: 21.16.5 Version: 21.16.c10 Version: 21.16.c11 Version: 21.16.c12 Version: 21.16.c13 Version: 21.16.c9 Version: 21.16.d0 Version: 21.16.d1 Version: 21.16.6 Version: 21.16.c14 Version: 21.16.7 Version: 21.16.c15 Version: 21.16.8 Version: 21.16.c16 Version: 21.16.10 Version: 21.16.9 Version: 21.16.c17 Version: 21.16.c18 Version: 21.16.c19 Version: 21.17.0 Version: 21.17.1 Version: 21.17.2 Version: 21.17.3 Version: 21.17.4 Version: 21.17.5 Version: 21.17.6 Version: 21.17.7 Version: 21.17.8 Version: 21.17.10 Version: 21.17.11 Version: 21.17.9 Version: 21.17.12 Version: 21.17.13 Version: 21.17.14 Version: 21.17.15 Version: 21.17.16 Version: 21.17.17 Version: 21.17.18 Version: 21.17.19 Version: 21.18.0 Version: 21.18.1 Version: 21.18.2 Version: 21.18.3 Version: 21.18.4 Version: 21.18.5 Version: 21.18.11 Version: 21.18.6 Version: 21.18.7 Version: 21.18.8 Version: 21.18.9 Version: 21.18.12 Version: 21.18.13 Version: 21.18.14 Version: 21.18.15 Version: 21.18.16 Version: 21.18.17 Version: 21.18.18 Version: 21.18.19 Version: 21.18.20 Version: 21.18.21 Version: 21.18.22 Version: 21.18.23 Version: 21.18.24 Version: 21.18.25 Version: 21.18.26 Version: 21.19.0 Version: 21.19.1 Version: 21.19.2 Version: 21.19.3 Version: 21.19.n2 Version: 21.19.4 Version: 21.19.5 Version: 21.19.n3 Version: 21.19.n4 Version: 21.19.6 Version: 21.19.7 Version: 21.19.8 Version: 21.19.n5 Version: 21.19.10 Version: 21.19.9 Version: 21.19.n6 Version: 21.19.n7 Version: 21.19.n8 Version: 21.19.11 Version: 21.19.n10 Version: 21.19.n11 Version: 21.19.n12 Version: 21.19.n13 Version: 21.19.n14 Version: 21.19.n15 Version: 21.19.n16 Version: 21.19.n9 Version: 21.19.n17 Version: 21.19.n18 Version: 21.20.0 Version: 21.20.1 Version: 21.20.SV1 Version: 21.20.SV3 Version: 21.20.SV5 Version: 21.20.2 Version: 21.20.3 Version: 21.20.4 Version: 21.20.5 Version: 21.20.6 Version: 21.20.7 Version: 21.20.8 Version: 21.20.9 Version: 21.20.k6 Version: 21.20.10 Version: 21.20.11 Version: 21.20.k7 Version: 21.20.u8 Version: 21.20.12 Version: 21.20.13 Version: 21.20.14 Version: 21.20.k8 Version: 21.20.p9 Version: 21.20.15 Version: 21.20.16 Version: 21.20.17 Version: 21.20.18 Version: 21.20.19 Version: 21.20.20 Version: 21.20.21 Version: 21.20.22 Version: 21.20.23 Version: 21.20.24 Version: 21.20.25 Version: 21.20.26 Version: 21.20.28 Version: 21.20.29 Version: 21.20.30 Version: 21.20.c22 Version: 21.20.31 Version: 21.20.32 Version: 21.20.33 Version: 21.20.34 Version: 21.20.35 Version: 21.20.27 Version: 21.20.SV2 Version: 21.21.0 Version: 21.21.1 Version: 21.21.2 Version: 21.21.3 Version: 21.21.KS2 Version: 21.22.0 Version: 21.22.n2 Version: 21.22.n3 Version: 21.22.3 Version: 21.22.4 Version: 21.22.5 Version: 21.22.uj3 Version: 21.22.11 Version: 21.22.6 Version: 21.22.7 Version: 21.22.8 Version: 21.22.n4 Version: 21.22.n5 Version: 21.22.ua0 Version: 21.22.ua2 Version: 21.22.ua3 Version: 21.22.ua5 Version: 21.22.12 Version: 21.22.13 Version: 21.22.n10 Version: 21.22.n11 Version: 21.22.n12 Version: 21.22.n6 Version: 21.22.n7 Version: 21.22.n8 Version: 21.22.n9 Version: 21.22.n13 Version: 21.23.0 Version: 21.23.1 Version: 21.23.10 Version: 21.23.11 Version: 21.23.12 Version: 21.23.13 Version: 21.23.14 Version: 21.23.15 Version: 21.23.16 Version: 21.23.17 Version: 21.23.2 Version: 21.23.3 Version: 21.23.4 Version: 21.23.5 Version: 21.23.6 Version: 21.23.7 Version: 21.23.8 Version: 21.23.9 Version: 21.23.b2 Version: 21.23.b3 Version: 21.23.c16 Version: 21.23.c17 Version: 21.23.n6 Version: 21.23.n7 Version: 21.23.n9 Version: 21.23.18 Version: 21.23.19 Version: 21.23.21 Version: 21.23.22 Version: 21.23.23 Version: 21.23.24 Version: 21.23.25 Version: 21.23.26 Version: 21.23.27 Version: 21.23.29 Version: 21.23.30 Version: 21.23.c18 Version: 21.23.n10 Version: 21.23.n11 Version: 21.23.n8 Version: 21.23.yn14 Version: 21.24.0 Version: 21.24.1 Version: 21.24.2 Version: 21.24.3 Version: 21.25.0 Version: 21.25.3 Version: 21.25.4 Version: 21.25.5 Version: 21.25.10 Version: 21.25.11 Version: 21.25.12 Version: 21.25.13 Version: 21.25.14 Version: 21.25.6 Version: 21.25.7 Version: 21.25.8 Version: 21.25.9 Version: 21.26.0 Version: 21.26.1 Version: 21.26.10 Version: 21.26.13 Version: 21.26.14 Version: 21.26.15 Version: 21.26.3 Version: 21.26.5 Version: 21.26.6 Version: 21.26.7 Version: 21.26.17 Version: 21.27.0 Version: 21.27.1 Version: 21.27.2 Version: 21.27.3 Version: 21.27.4 Version: 21.27.5 Version: 21.27.m0 Version: 21.28.0 Version: 21.28.1 Version: 21.28.2 Version: 21.28.m0 Version: 21.28.m1 Version: 21.28.m2 Version: 21.28.m3 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco ASR 5000 Series Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "21.11.0"
},
{
"status": "affected",
"version": "21.11.1"
},
{
"status": "affected",
"version": "21.11.2"
},
{
"status": "affected",
"version": "21.11.3"
},
{
"status": "affected",
"version": "21.11.10"
},
{
"status": "affected",
"version": "21.11.11"
},
{
"status": "affected",
"version": "21.11.12"
},
{
"status": "affected",
"version": "21.11.13"
},
{
"status": "affected",
"version": "21.11.14"
},
{
"status": "affected",
"version": "21.11.4"
},
{
"status": "affected",
"version": "21.11.5"
},
{
"status": "affected",
"version": "21.11.6"
},
{
"status": "affected",
"version": "21.11.7"
},
{
"status": "affected",
"version": "21.11.8"
},
{
"status": "affected",
"version": "21.11.9"
},
{
"status": "affected",
"version": "21.11.15"
},
{
"status": "affected",
"version": "21.11.16"
},
{
"status": "affected",
"version": "21.11.17"
},
{
"status": "affected",
"version": "21.11.18"
},
{
"status": "affected",
"version": "21.11.19"
},
{
"status": "affected",
"version": "21.11.20"
},
{
"status": "affected",
"version": "21.11.21"
},
{
"status": "affected",
"version": "21.12.0"
},
{
"status": "affected",
"version": "21.12.1"
},
{
"status": "affected",
"version": "21.12.2"
},
{
"status": "affected",
"version": "21.12.3"
},
{
"status": "affected",
"version": "21.12.4"
},
{
"status": "affected",
"version": "21.12.5"
},
{
"status": "affected",
"version": "21.12.6"
},
{
"status": "affected",
"version": "21.12.10"
},
{
"status": "affected",
"version": "21.12.11"
},
{
"status": "affected",
"version": "21.12.12"
},
{
"status": "affected",
"version": "21.12.13"
},
{
"status": "affected",
"version": "21.12.14"
},
{
"status": "affected",
"version": "21.12.16"
},
{
"status": "affected",
"version": "21.12.17"
},
{
"status": "affected",
"version": "21.12.18"
},
{
"status": "affected",
"version": "21.12.7"
},
{
"status": "affected",
"version": "21.12.8"
},
{
"status": "affected",
"version": "21.12.9"
},
{
"status": "affected",
"version": "21.12.19"
},
{
"status": "affected",
"version": "21.12.20"
},
{
"status": "affected",
"version": "21.12.21"
},
{
"status": "affected",
"version": "21.12.22"
},
{
"status": "affected",
"version": "21.12.15"
},
{
"status": "affected",
"version": "21.13.0"
},
{
"status": "affected",
"version": "21.13.1"
},
{
"status": "affected",
"version": "21.13.2"
},
{
"status": "affected",
"version": "21.13.3"
},
{
"status": "affected",
"version": "21.13.4"
},
{
"status": "affected",
"version": "21.13.10"
},
{
"status": "affected",
"version": "21.13.11"
},
{
"status": "affected",
"version": "21.13.12"
},
{
"status": "affected",
"version": "21.13.13"
},
{
"status": "affected",
"version": "21.13.14"
},
{
"status": "affected",
"version": "21.13.15"
},
{
"status": "affected",
"version": "21.13.16"
},
{
"status": "affected",
"version": "21.13.17"
},
{
"status": "affected",
"version": "21.13.18"
},
{
"status": "affected",
"version": "21.13.19"
},
{
"status": "affected",
"version": "21.13.20"
},
{
"status": "affected",
"version": "21.13.5"
},
{
"status": "affected",
"version": "21.13.6"
},
{
"status": "affected",
"version": "21.13.7"
},
{
"status": "affected",
"version": "21.13.8"
},
{
"status": "affected",
"version": "21.13.9"
},
{
"status": "affected",
"version": "21.13.21"
},
{
"status": "affected",
"version": "21.14.0"
},
{
"status": "affected",
"version": "21.14.1"
},
{
"status": "affected",
"version": "21.14.10"
},
{
"status": "affected",
"version": "21.14.11"
},
{
"status": "affected",
"version": "21.14.12"
},
{
"status": "affected",
"version": "21.14.16"
},
{
"status": "affected",
"version": "21.14.17"
},
{
"status": "affected",
"version": "21.14.19"
},
{
"status": "affected",
"version": "21.14.2"
},
{
"status": "affected",
"version": "21.14.20"
},
{
"status": "affected",
"version": "21.14.3"
},
{
"status": "affected",
"version": "21.14.4"
},
{
"status": "affected",
"version": "21.14.5"
},
{
"status": "affected",
"version": "21.14.6"
},
{
"status": "affected",
"version": "21.14.7"
},
{
"status": "affected",
"version": "21.14.8"
},
{
"status": "affected",
"version": "21.14.9"
},
{
"status": "affected",
"version": "21.14.b12"
},
{
"status": "affected",
"version": "21.14.b13"
},
{
"status": "affected",
"version": "21.14.b14"
},
{
"status": "affected",
"version": "21.14.b15"
},
{
"status": "affected",
"version": "21.14.b17"
},
{
"status": "affected",
"version": "21.14.b18"
},
{
"status": "affected",
"version": "21.14.b19"
},
{
"status": "affected",
"version": "21.14.b20"
},
{
"status": "affected",
"version": "21.14.b21"
},
{
"status": "affected",
"version": "21.14.22"
},
{
"status": "affected",
"version": "21.14.b22"
},
{
"status": "affected",
"version": "21.14.23"
},
{
"status": "affected",
"version": "21.15.0"
},
{
"status": "affected",
"version": "21.15.1"
},
{
"status": "affected",
"version": "21.15.10"
},
{
"status": "affected",
"version": "21.15.11"
},
{
"status": "affected",
"version": "21.15.12"
},
{
"status": "affected",
"version": "21.15.13"
},
{
"status": "affected",
"version": "21.15.14"
},
{
"status": "affected",
"version": "21.15.15"
},
{
"status": "affected",
"version": "21.15.16"
},
{
"status": "affected",
"version": "21.15.17"
},
{
"status": "affected",
"version": "21.15.18"
},
{
"status": "affected",
"version": "21.15.19"
},
{
"status": "affected",
"version": "21.15.2"
},
{
"status": "affected",
"version": "21.15.20"
},
{
"status": "affected",
"version": "21.15.21"
},
{
"status": "affected",
"version": "21.15.22"
},
{
"status": "affected",
"version": "21.15.24"
},
{
"status": "affected",
"version": "21.15.25"
},
{
"status": "affected",
"version": "21.15.26"
},
{
"status": "affected",
"version": "21.15.27"
},
{
"status": "affected",
"version": "21.15.28"
},
{
"status": "affected",
"version": "21.15.29"
},
{
"status": "affected",
"version": "21.15.3"
},
{
"status": "affected",
"version": "21.15.30"
},
{
"status": "affected",
"version": "21.15.32"
},
{
"status": "affected",
"version": "21.15.33"
},
{
"status": "affected",
"version": "21.15.36"
},
{
"status": "affected",
"version": "21.15.37"
},
{
"status": "affected",
"version": "21.15.39"
},
{
"status": "affected",
"version": "21.15.4"
},
{
"status": "affected",
"version": "21.15.40"
},
{
"status": "affected",
"version": "21.15.41"
},
{
"status": "affected",
"version": "21.15.5"
},
{
"status": "affected",
"version": "21.15.6"
},
{
"status": "affected",
"version": "21.15.7"
},
{
"status": "affected",
"version": "21.15.8"
},
{
"status": "affected",
"version": "21.15.43"
},
{
"status": "affected",
"version": "21.15.45"
},
{
"status": "affected",
"version": "21.15.46"
},
{
"status": "affected",
"version": "21.15.47"
},
{
"status": "affected",
"version": "21.15.48"
},
{
"status": "affected",
"version": "21.15.51"
},
{
"status": "affected",
"version": "21.15.52"
},
{
"status": "affected",
"version": "21.15.53"
},
{
"status": "affected",
"version": "21.15.54"
},
{
"status": "affected",
"version": "21.15.55"
},
{
"status": "affected",
"version": "21.15.57"
},
{
"status": "affected",
"version": "21.15.58"
},
{
"status": "affected",
"version": "21.15.59"
},
{
"status": "affected",
"version": "21.15.60"
},
{
"status": "affected",
"version": "21.16.2"
},
{
"status": "affected",
"version": "21.16.3"
},
{
"status": "affected",
"version": "21.16.4"
},
{
"status": "affected",
"version": "21.16.5"
},
{
"status": "affected",
"version": "21.16.c10"
},
{
"status": "affected",
"version": "21.16.c11"
},
{
"status": "affected",
"version": "21.16.c12"
},
{
"status": "affected",
"version": "21.16.c13"
},
{
"status": "affected",
"version": "21.16.c9"
},
{
"status": "affected",
"version": "21.16.d0"
},
{
"status": "affected",
"version": "21.16.d1"
},
{
"status": "affected",
"version": "21.16.6"
},
{
"status": "affected",
"version": "21.16.c14"
},
{
"status": "affected",
"version": "21.16.7"
},
{
"status": "affected",
"version": "21.16.c15"
},
{
"status": "affected",
"version": "21.16.8"
},
{
"status": "affected",
"version": "21.16.c16"
},
{
"status": "affected",
"version": "21.16.10"
},
{
"status": "affected",
"version": "21.16.9"
},
{
"status": "affected",
"version": "21.16.c17"
},
{
"status": "affected",
"version": "21.16.c18"
},
{
"status": "affected",
"version": "21.16.c19"
},
{
"status": "affected",
"version": "21.17.0"
},
{
"status": "affected",
"version": "21.17.1"
},
{
"status": "affected",
"version": "21.17.2"
},
{
"status": "affected",
"version": "21.17.3"
},
{
"status": "affected",
"version": "21.17.4"
},
{
"status": "affected",
"version": "21.17.5"
},
{
"status": "affected",
"version": "21.17.6"
},
{
"status": "affected",
"version": "21.17.7"
},
{
"status": "affected",
"version": "21.17.8"
},
{
"status": "affected",
"version": "21.17.10"
},
{
"status": "affected",
"version": "21.17.11"
},
{
"status": "affected",
"version": "21.17.9"
},
{
"status": "affected",
"version": "21.17.12"
},
{
"status": "affected",
"version": "21.17.13"
},
{
"status": "affected",
"version": "21.17.14"
},
{
"status": "affected",
"version": "21.17.15"
},
{
"status": "affected",
"version": "21.17.16"
},
{
"status": "affected",
"version": "21.17.17"
},
{
"status": "affected",
"version": "21.17.18"
},
{
"status": "affected",
"version": "21.17.19"
},
{
"status": "affected",
"version": "21.18.0"
},
{
"status": "affected",
"version": "21.18.1"
},
{
"status": "affected",
"version": "21.18.2"
},
{
"status": "affected",
"version": "21.18.3"
},
{
"status": "affected",
"version": "21.18.4"
},
{
"status": "affected",
"version": "21.18.5"
},
{
"status": "affected",
"version": "21.18.11"
},
{
"status": "affected",
"version": "21.18.6"
},
{
"status": "affected",
"version": "21.18.7"
},
{
"status": "affected",
"version": "21.18.8"
},
{
"status": "affected",
"version": "21.18.9"
},
{
"status": "affected",
"version": "21.18.12"
},
{
"status": "affected",
"version": "21.18.13"
},
{
"status": "affected",
"version": "21.18.14"
},
{
"status": "affected",
"version": "21.18.15"
},
{
"status": "affected",
"version": "21.18.16"
},
{
"status": "affected",
"version": "21.18.17"
},
{
"status": "affected",
"version": "21.18.18"
},
{
"status": "affected",
"version": "21.18.19"
},
{
"status": "affected",
"version": "21.18.20"
},
{
"status": "affected",
"version": "21.18.21"
},
{
"status": "affected",
"version": "21.18.22"
},
{
"status": "affected",
"version": "21.18.23"
},
{
"status": "affected",
"version": "21.18.24"
},
{
"status": "affected",
"version": "21.18.25"
},
{
"status": "affected",
"version": "21.18.26"
},
{
"status": "affected",
"version": "21.19.0"
},
{
"status": "affected",
"version": "21.19.1"
},
{
"status": "affected",
"version": "21.19.2"
},
{
"status": "affected",
"version": "21.19.3"
},
{
"status": "affected",
"version": "21.19.n2"
},
{
"status": "affected",
"version": "21.19.4"
},
{
"status": "affected",
"version": "21.19.5"
},
{
"status": "affected",
"version": "21.19.n3"
},
{
"status": "affected",
"version": "21.19.n4"
},
{
"status": "affected",
"version": "21.19.6"
},
{
"status": "affected",
"version": "21.19.7"
},
{
"status": "affected",
"version": "21.19.8"
},
{
"status": "affected",
"version": "21.19.n5"
},
{
"status": "affected",
"version": "21.19.10"
},
{
"status": "affected",
"version": "21.19.9"
},
{
"status": "affected",
"version": "21.19.n6"
},
{
"status": "affected",
"version": "21.19.n7"
},
{
"status": "affected",
"version": "21.19.n8"
},
{
"status": "affected",
"version": "21.19.11"
},
{
"status": "affected",
"version": "21.19.n10"
},
{
"status": "affected",
"version": "21.19.n11"
},
{
"status": "affected",
"version": "21.19.n12"
},
{
"status": "affected",
"version": "21.19.n13"
},
{
"status": "affected",
"version": "21.19.n14"
},
{
"status": "affected",
"version": "21.19.n15"
},
{
"status": "affected",
"version": "21.19.n16"
},
{
"status": "affected",
"version": "21.19.n9"
},
{
"status": "affected",
"version": "21.19.n17"
},
{
"status": "affected",
"version": "21.19.n18"
},
{
"status": "affected",
"version": "21.20.0"
},
{
"status": "affected",
"version": "21.20.1"
},
{
"status": "affected",
"version": "21.20.SV1"
},
{
"status": "affected",
"version": "21.20.SV3"
},
{
"status": "affected",
"version": "21.20.SV5"
},
{
"status": "affected",
"version": "21.20.2"
},
{
"status": "affected",
"version": "21.20.3"
},
{
"status": "affected",
"version": "21.20.4"
},
{
"status": "affected",
"version": "21.20.5"
},
{
"status": "affected",
"version": "21.20.6"
},
{
"status": "affected",
"version": "21.20.7"
},
{
"status": "affected",
"version": "21.20.8"
},
{
"status": "affected",
"version": "21.20.9"
},
{
"status": "affected",
"version": "21.20.k6"
},
{
"status": "affected",
"version": "21.20.10"
},
{
"status": "affected",
"version": "21.20.11"
},
{
"status": "affected",
"version": "21.20.k7"
},
{
"status": "affected",
"version": "21.20.u8"
},
{
"status": "affected",
"version": "21.20.12"
},
{
"status": "affected",
"version": "21.20.13"
},
{
"status": "affected",
"version": "21.20.14"
},
{
"status": "affected",
"version": "21.20.k8"
},
{
"status": "affected",
"version": "21.20.p9"
},
{
"status": "affected",
"version": "21.20.15"
},
{
"status": "affected",
"version": "21.20.16"
},
{
"status": "affected",
"version": "21.20.17"
},
{
"status": "affected",
"version": "21.20.18"
},
{
"status": "affected",
"version": "21.20.19"
},
{
"status": "affected",
"version": "21.20.20"
},
{
"status": "affected",
"version": "21.20.21"
},
{
"status": "affected",
"version": "21.20.22"
},
{
"status": "affected",
"version": "21.20.23"
},
{
"status": "affected",
"version": "21.20.24"
},
{
"status": "affected",
"version": "21.20.25"
},
{
"status": "affected",
"version": "21.20.26"
},
{
"status": "affected",
"version": "21.20.28"
},
{
"status": "affected",
"version": "21.20.29"
},
{
"status": "affected",
"version": "21.20.30"
},
{
"status": "affected",
"version": "21.20.c22"
},
{
"status": "affected",
"version": "21.20.31"
},
{
"status": "affected",
"version": "21.20.32"
},
{
"status": "affected",
"version": "21.20.33"
},
{
"status": "affected",
"version": "21.20.34"
},
{
"status": "affected",
"version": "21.20.35"
},
{
"status": "affected",
"version": "21.20.27"
},
{
"status": "affected",
"version": "21.20.SV2"
},
{
"status": "affected",
"version": "21.21.0"
},
{
"status": "affected",
"version": "21.21.1"
},
{
"status": "affected",
"version": "21.21.2"
},
{
"status": "affected",
"version": "21.21.3"
},
{
"status": "affected",
"version": "21.21.KS2"
},
{
"status": "affected",
"version": "21.22.0"
},
{
"status": "affected",
"version": "21.22.n2"
},
{
"status": "affected",
"version": "21.22.n3"
},
{
"status": "affected",
"version": "21.22.3"
},
{
"status": "affected",
"version": "21.22.4"
},
{
"status": "affected",
"version": "21.22.5"
},
{
"status": "affected",
"version": "21.22.uj3"
},
{
"status": "affected",
"version": "21.22.11"
},
{
"status": "affected",
"version": "21.22.6"
},
{
"status": "affected",
"version": "21.22.7"
},
{
"status": "affected",
"version": "21.22.8"
},
{
"status": "affected",
"version": "21.22.n4"
},
{
"status": "affected",
"version": "21.22.n5"
},
{
"status": "affected",
"version": "21.22.ua0"
},
{
"status": "affected",
"version": "21.22.ua2"
},
{
"status": "affected",
"version": "21.22.ua3"
},
{
"status": "affected",
"version": "21.22.ua5"
},
{
"status": "affected",
"version": "21.22.12"
},
{
"status": "affected",
"version": "21.22.13"
},
{
"status": "affected",
"version": "21.22.n10"
},
{
"status": "affected",
"version": "21.22.n11"
},
{
"status": "affected",
"version": "21.22.n12"
},
{
"status": "affected",
"version": "21.22.n6"
},
{
"status": "affected",
"version": "21.22.n7"
},
{
"status": "affected",
"version": "21.22.n8"
},
{
"status": "affected",
"version": "21.22.n9"
},
{
"status": "affected",
"version": "21.22.n13"
},
{
"status": "affected",
"version": "21.23.0"
},
{
"status": "affected",
"version": "21.23.1"
},
{
"status": "affected",
"version": "21.23.10"
},
{
"status": "affected",
"version": "21.23.11"
},
{
"status": "affected",
"version": "21.23.12"
},
{
"status": "affected",
"version": "21.23.13"
},
{
"status": "affected",
"version": "21.23.14"
},
{
"status": "affected",
"version": "21.23.15"
},
{
"status": "affected",
"version": "21.23.16"
},
{
"status": "affected",
"version": "21.23.17"
},
{
"status": "affected",
"version": "21.23.2"
},
{
"status": "affected",
"version": "21.23.3"
},
{
"status": "affected",
"version": "21.23.4"
},
{
"status": "affected",
"version": "21.23.5"
},
{
"status": "affected",
"version": "21.23.6"
},
{
"status": "affected",
"version": "21.23.7"
},
{
"status": "affected",
"version": "21.23.8"
},
{
"status": "affected",
"version": "21.23.9"
},
{
"status": "affected",
"version": "21.23.b2"
},
{
"status": "affected",
"version": "21.23.b3"
},
{
"status": "affected",
"version": "21.23.c16"
},
{
"status": "affected",
"version": "21.23.c17"
},
{
"status": "affected",
"version": "21.23.n6"
},
{
"status": "affected",
"version": "21.23.n7"
},
{
"status": "affected",
"version": "21.23.n9"
},
{
"status": "affected",
"version": "21.23.18"
},
{
"status": "affected",
"version": "21.23.19"
},
{
"status": "affected",
"version": "21.23.21"
},
{
"status": "affected",
"version": "21.23.22"
},
{
"status": "affected",
"version": "21.23.23"
},
{
"status": "affected",
"version": "21.23.24"
},
{
"status": "affected",
"version": "21.23.25"
},
{
"status": "affected",
"version": "21.23.26"
},
{
"status": "affected",
"version": "21.23.27"
},
{
"status": "affected",
"version": "21.23.29"
},
{
"status": "affected",
"version": "21.23.30"
},
{
"status": "affected",
"version": "21.23.c18"
},
{
"status": "affected",
"version": "21.23.n10"
},
{
"status": "affected",
"version": "21.23.n11"
},
{
"status": "affected",
"version": "21.23.n8"
},
{
"status": "affected",
"version": "21.23.yn14"
},
{
"status": "affected",
"version": "21.24.0"
},
{
"status": "affected",
"version": "21.24.1"
},
{
"status": "affected",
"version": "21.24.2"
},
{
"status": "affected",
"version": "21.24.3"
},
{
"status": "affected",
"version": "21.25.0"
},
{
"status": "affected",
"version": "21.25.3"
},
{
"status": "affected",
"version": "21.25.4"
},
{
"status": "affected",
"version": "21.25.5"
},
{
"status": "affected",
"version": "21.25.10"
},
{
"status": "affected",
"version": "21.25.11"
},
{
"status": "affected",
"version": "21.25.12"
},
{
"status": "affected",
"version": "21.25.13"
},
{
"status": "affected",
"version": "21.25.14"
},
{
"status": "affected",
"version": "21.25.6"
},
{
"status": "affected",
"version": "21.25.7"
},
{
"status": "affected",
"version": "21.25.8"
},
{
"status": "affected",
"version": "21.25.9"
},
{
"status": "affected",
"version": "21.26.0"
},
{
"status": "affected",
"version": "21.26.1"
},
{
"status": "affected",
"version": "21.26.10"
},
{
"status": "affected",
"version": "21.26.13"
},
{
"status": "affected",
"version": "21.26.14"
},
{
"status": "affected",
"version": "21.26.15"
},
{
"status": "affected",
"version": "21.26.3"
},
{
"status": "affected",
"version": "21.26.5"
},
{
"status": "affected",
"version": "21.26.6"
},
{
"status": "affected",
"version": "21.26.7"
},
{
"status": "affected",
"version": "21.26.17"
},
{
"status": "affected",
"version": "21.27.0"
},
{
"status": "affected",
"version": "21.27.1"
},
{
"status": "affected",
"version": "21.27.2"
},
{
"status": "affected",
"version": "21.27.3"
},
{
"status": "affected",
"version": "21.27.4"
},
{
"status": "affected",
"version": "21.27.5"
},
{
"status": "affected",
"version": "21.27.m0"
},
{
"status": "affected",
"version": "21.28.0"
},
{
"status": "affected",
"version": "21.28.1"
},
{
"status": "affected",
"version": "21.28.2"
},
{
"status": "affected",
"version": "21.28.m0"
},
{
"status": "affected",
"version": "21.28.m1"
},
{
"status": "affected",
"version": "21.28.m2"
},
{
"status": "affected",
"version": "21.28.m3"
}
]
},
{
"product": "Cisco Ultra Cloud Core - User Plane Function",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-289",
"description": "Authentication Bypass by Alternate Name",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:38.039Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
}
],
"source": {
"advisory": "cisco-sa-staros-ssh-privesc-BmWeJC3h",
"defects": [
"CSCwd89468"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20046",
"datePublished": "2023-05-09T13:06:10.748Z",
"dateReserved": "2022-10-27T18:47:50.317Z",
"dateUpdated": "2024-08-02T08:57:35.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…