CVE-2018-0115 - AskarLabs CVE Database

CVE-2018-0115

Vendor N/A

Product Cisco StarOS

Weakness CWE-78

Published January 18, 2018

Last update December 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332.

Key dates

02Disclosure timeline

January 18, 2018 CVE published

December 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-0115

Related vulnerabilities

04Related CVE

CVE-2025-31692 AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021 CVE-2026-42076 Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution CVE-2026-7590 eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection CVE-2020-12775 Hicos citizen certificate client-side component - Command Injection CVE-2023-42128 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability