CVE-2016-1335

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.
Severity
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
HIGH
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
ciscoasr_5000_series_software
16.5.2
ciscoasr_5000_series_software
17.7.0
ciscoasr_5000_series_software
18.4.0
ciscoasr_5000_series_software
19.0.1
ciscoasr_5000_series_software
19.3.0
ciscoasr_5000_series_software
20.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration