VYPR
← All advisories
High severity7.5NVD Advisory· Published Feb 19, 2016· Updated May 6, 2026

CVE-2016-1335

CVE-2016-1335

Description

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.

Affected products

6
  • Cisco Systems, Inc./Asr 5000 Series Software6 versions
    cpe:2.3:a:cisco:asr_5000_series_software:16.5.2:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:cisco:asr_5000_series_software:16.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:asr_5000_series_software:17.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:asr_5000_series_software:18.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:asr_5000_series_software:19.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:asr_5000_series_software:19.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:asr_5000_series_software:20.0.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.