Privilege Escalation via Multi-User Public-Key Authentication in Cisco StarOS on ASR 5000 Devices (Bug ID CSCux22492)

Privilege Escalation via Multi-User Public-Key Authentication in Cisco StarOS on ASR 5000 Devices (Bug ID CSCux22492)

CVE-2016-1335 · HIGH Severity

AV:N/AC:H/AU:S/C:C/I:C/A:C

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.

Learn more about our Cis Benchmark Audit For Cisco.