← Volver a CVEs
CVE-2021-1145
MEDIUM6.5
Descripcion
A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/13/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
cisco:asr_5000cisco:asr_5500cisco:asr_5700cisco:staros
Debilidades (CWE)
CWE-61CWE-59
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.