Cisco Security Advisory: Cisco StarOS SSH Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis=
co Security Advisory: Cisco StarOS SSH Privilege Escalation Vulne=
rability=0D=0A=0D=0AAdvisory ID: cisco-sa-20170315-asr=0D=0A=0D=0A=
Revision: 1.0=0D=0A=0D=0AFor Public Release: 2017 March 15 16:00 =
GMT=0D=0A=0D=0ALast Updated: 2017 March 15 16:00 GMT=0D=0A=0D=0AC=
VE ID(s): CVE-2017-3819=0D=0A=0D=0ACVSS Score v(3): 8.8 CVSS:3.0/=
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H=0D=0A=0D=0A+-----------------=
----------------------------------------------------=0D=0A=0D=0AS=
ummary=0D=0A=3D=3D=3D=3D=3D=3D=3D=0D=0AA privilege escalation vul=
nerability in the Secure Shell (SSH) subsystem in the StarOS oper=
ating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700=
 Series devices, and Cisco Virtualized Packet Core could allow an=
 authenticated, remote attacker to gain unrestricted, root shell =
access.=0D=0A=0D=0AThe vulnerability is due to missing input vali=
dation of parameters passed during SSH or SFTP login. An attacker=
 could exploit this vulnerability by providing crafted user input=
 to the SSH or SFTP command-line interface (CLI) during SSH or SF=
TP login. An exploit could allow an authenticated attacker to gai=
n root privileges access on the router.=0D=0A=0D=0ANote: Only tra=
ffic directed to the affected system can be used to exploit this =
vulnerability. This vulnerability can be triggered via both IPv4 =
and IPv6 traffic. An established TCP connection toward port 22, t=
he SSH default port, is needed to perform the attack. The attacke=
r must have valid credentials to login to the system via SSH or S=
FTP.=0D=0A=0D=0ACisco has released software updates that address =
this vulnerability. Workarounds that mitigate this vulnerability =
are not available.=0D=0A=0D=0AThis advisory is available at the f=
ollowing link:=0D=0Ahttps://tools.cisco.com/security/center/conte=
nt/CiscoSecurityAdvisory/cisco-sa-20170315-asr ["https://tools.ci=
sco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20=
170315-asr"]=0D=0A=0D=0A-----BEGIN PGP SIGNATURE-----=0D=0A=0D=0A=
iQKBBAEBAgBrBQJYyWVsZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg=0D=0A=
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx=0D=0A=
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlB4A//abxGCJXva4/bR/wn=0D=0A=
5QMis+qjShEQId3TAqA3+YFFP4u1JGAFRDm77ieE0vJVSYDWJ3hGSNttYq1Pt+e0=0D=0A=
yMCbX1pXSN29nNvoTL2yORnYGBhYKEK2MmJXpjz0exPh4r+Is5s+JAB2bIJdVMip=0D=0A=
e4pPLOkZm8B008/7OgkCdBqY5TEo3X41m5HTq7RYSglf5pTfkM6O04U8pEIh8KOv=0D=0A=
oi9gI3JVTj/Yh7EtJkLU6CNygg6INfY9B9EUV5Ctfus7AZfvPLzdG4Jl+57mrPWl=0D=0A=
tKCgCLsSUYvW/28TlRP72pwVoKWzLg2zhW1j98GAwUIfQXw6bt9jgAma2p8ZTiCa=0D=0A=
5LMWmOsrvaw8G6jfxr3ligTxoSGRikXfItZIMkWe0YuiS9aXQBwdcu7WwSyneM0J=0D=0A=
vtYqSsF/ktsMRrE3YhtrUw6GmQ/5zw9FsizcWWG2O4kAd0U02E+Mw+aPi7HvN92G=0D=0A=
+fPO0OaWakr4fAfxWF2rPcEnGg8idPT6BbSLvf+B330GPOiYGZP0M4kJwxZe7t25=0D=0A=
obpM3LJptZjN129fOGj/GlC4e+xYc+UOug/8lgyRR4Q9znSjd8o0lSyFQfcIwOmt=0D=0A=
8NETMaT9p8CLyUyvyQ1/S4XyP3RriqTjn8OE6lq71ZRGpRIQ6N8xIVxaD0OBDcks=0D=0A=
g41Iqe0GD5yQFsXypTAn7dc9bNg=3D=0D=0A=3DLk6U=0D=0A-----END PGP SIG=
NATURE-----=0D=0A