====================================================================

                                 CERT-Renater

                    Note d'Information No. 2016/VULN067
_____________________________________________________________________

DATE                : 22/02/2016

HARDWARE PLATFORM(S): Cisco ASR 5000 Series.

OPERATING SYSTEM(S): Cisco ASR 5000 Series StarOS prior to
                        19.3.M0.62771, 20.0.M0.62768.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr
_____________________________________________________________________

Cisco Security Advisory

Cisco ASR 5000 Series StarOS SSH Subsystem Privilege Escalation
Vulnerability

Medium
Advisory ID:
cisco-sa-20160218-asr

Published:
2016 February 18 23:20  GMT

Version 1.0:
Final

CVSS Score:
Base - 7.1

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCux22492
CVE-2016-1335
CWE-264

Summary

      A privilege escalation vulnerability in the SSH subsystem in Cisco
      ASR 5000 Series devices running StarOS could allow an
      authenticated, remote attacker to elevate privileges. The attacker
      would need to have a valid and configured SSH authorized key and
      access to the same device from which the privileged administrator
      connects.

      The vulnerability is due to an error that occurs when multiple
      users are configured to use SSH keys as the authentication
      mechanism. Administrative accounts configured in this manner are
      tied to a single remote device.
      A successful attack could allow a lower-privileged user to
      authenticate as a higher-privileged administrator if all
      constraints can be met.

      Cisco has released software updates that address this
      vulnerability.
      Workarounds that address this vulnerability are not available.

      This advisory is available at the following link:
 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr

Affected Products

      Vulnerable Products

      Cisco ASR 5000 devices running StarOS prior to 19.3.M0.62771 and
      prior to 20.0.M0.62768 are vulnerable.

      Products Confirmed Not Vulnerable
      No other Cisco products are currently known to be affected by this
      vulnerability.

Workarounds

      Workarounds are not available.

Fixed Software

      When considering software upgrades, customers are advised to
      consult the Cisco Security Advisories and Responses archive at
      http://www.cisco.com/go/psirt and review subsequent advisories to
      determine exposure and a complete upgrade solution.

      In all cases, customers should ensure that the devices to be
      upgraded contain sufficient memory and confirm that current
      hardware and software configurations will continue to be supported
      properly by the new release.
      If the information is not clear, customers are advised to contact
      the Cisco Technical Assistance Center (TAC) or their contracted
      maintenance providers.

Exploitation and Public Announcements

      The Cisco Product Security Incident Response Team (PSIRT) is not
      aware of any public announcements or malicious use of the
      vulnerability that is described in this advisory.

URL

 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr

Revision History

      Version 	Description 		Section 	Status 	Date
      1.0 	Initial public release 	-	 	Final 	2016-February-18

Legal Disclaimer

      THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
      ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
      MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
      INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT
      IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE
      THIS DOCUMENT AT ANY TIME.

      A standalone copy or paraphrase of the text of this document that
      omits the distribution URL is an uncontrolled copy and may lack
      important information or contain factual errors. The information in
      this document is intended for end users of Cisco products.


==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================