VDB
CVE-2021-1540
CVE-2021-1540
PUBLISHED
CVSS 8.100000381469727 HIGH
Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
EPSS 0.25% · 49.0th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score
0.25%
49.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | staros | 0, 21.17.0, 21.18.0 |
| cisco | virtualized_packet_core | |
| Cisco | Cisco ASR 5000 Series Software | n/a |
Exploit Intelligence
Timeline
- Jun 4, 2021 CVE Published
- Jun 5, 2021 EPSS Score
- Aug 7, 2021 EPSS Score
- Oct 7, 2021 EPSS Score
- Dec 7, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 8, 2022 EPSS Score
- Jun 8, 2022 EPSS Score
- Aug 9, 2022 EPSS Score
- Oct 8, 2022 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwF advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-1540 advisory