What is CVE-2023-20046?

CVE-2023-20046 is a high-severity vulnerability in Cisco Asr 5000 Series Software, classified under CWE-289. CVSS score: 8.8/10. Published 2023-05-09.

How severe is CVE-2023-20046?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Cisco Asr 5000 Series Software

CVE-2023-20046

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user…

EPSS: 0.003 (56.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Asr 5000 Series Software — versions 21.11.0, 21.11.1, 21.11.2
Cisco Ultra Cloud Core - User Plane Function — versions N/A

Weakness classification (CWE)

CWE-289

References

cisco-sa-staros-ssh-privesc-BmWeJC3h

Frequently asked questions

What is CVE-2023-20046?: CVE-2023-20046 is a high-severity vulnerability in Cisco Asr 5000 Series Software, classified under CWE-289. CVSS score: 8.8/10. Published 2023-05-09.
How severe is CVE-2023-20046?: High severity. CVSS v3 base score is 8.8 out of 10.