A privilege escalation vulnerability in the SSH subsystem in Cisco ASR 5000 Series devices running StarOS could allow an authenticated, remote attacker to elevate privileges.

The attacker would need to have a valid and configured SSH authorized key and access to the same device from which the privileged administrator connects.
 
The vulnerability is due to an error that occurs when multiple users are configured to use SSH keys as the authentication mechanism.

Administrative accounts configured in this manner are tied to a single remote device.

A successful attack could allow a lower-privileged user to authenticate as a higher-privileged administrator if all constraints can be met.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr
A privilege escalation vulnerability in the SSH subsystem in Cisco ASR 5000 Series devices running StarOS could allow an authenticated, remote attacker to elevate privileges.

The attacker would need to have a valid and configured SSH authorized key and access to the same device from which the privileged administrator connects.
 
The vulnerability is due to an error that occurs when multiple users are configured to use SSH keys as the authentication mechanism.

Administrative accounts configured in this manner are tied to a single remote device.

A successful attack could allow a lower-privileged user to authenticate as a higher-privileged administrator if all constraints can be met.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr

Security Impact Rating: Medium

CVE: CVE-2016-1335