Login Sign Up

CVE-2021-1539

8.1 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows authenticated remote attackers to bypass authorization controls on Cisco ASR 5000 Series devices running StarOS software. Attackers can execute a subset of CLI commands they shouldn't have access to, potentially compromising network devices. Organizations using affected Cisco ASR 5000 Series routers are at risk.

💻 Affected Systems

Products:
  • Cisco ASR 5000 Series
Versions: StarOS software versions prior to the fixed releases
Operating Systems: StarOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the device CLI interface

📦 What is this software?

Staros by Cisco

View all CVEs affecting Staros →

Staros by Cisco

View all CVEs affecting Staros →

Staros by Cisco

View all CVEs affecting Staros →

Staros by Cisco

View all CVEs affecting Staros →

Staros by Cisco

View all CVEs affecting Staros →

Staros by Cisco

View all CVEs affecting Staros →

Virtualized Packet Core by Cisco

View all CVEs affecting Virtualized Packet Core →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains administrative control over critical network infrastructure, enabling network disruption, data interception, or lateral movement to other systems.

🟠

Likely Case

Attackers with existing low-privilege access escalate privileges to execute unauthorized commands, potentially modifying configurations or accessing sensitive network information.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the affected device only, preventing lateral movement to other systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing authenticated access to the device CLI

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Cisco advisory for specific fixed versions

Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n

Restart Required: Yes

Instructions:

1. Review Cisco advisory for affected versions. 2. Download and install appropriate fixed StarOS software version. 3. Reboot device to apply update. 4. Verify update was successful.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit CLI access to only trusted administrators using strict access controls

Network Segmentation

all

Isolate ASR 5000 management interfaces from untrusted networks

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices
  • Enforce least privilege access controls and monitor all CLI sessions

🔍 How to Verify

Check if Vulnerable:

Check StarOS version against affected versions listed in Cisco advisory

Check Version:

show version

Verify Fix Applied:

Verify installed StarOS version matches or exceeds fixed versions in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized CLI command execution attempts
  • Privilege escalation patterns in system logs

Network Indicators:

  • Unusual CLI access patterns from unexpected sources

SIEM Query:

Search for failed authorization attempts followed by successful command execution on ASR 5000 devices

📊 Metadata

CVE ID: CVE-2021-1539
CVSS v3 Score: 8.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-863
Published: June 4, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-1539, you might also want to check these:

CVE-2023-4617 10.0

This vulnerability allows remote attackers to bypass authorization controls in the Govee Home mobile...

Same vulnerability type (CWE-863)
CVE-2025-54253 10.0

CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that a...

Same vulnerability type (CWE-863)
CVE-2021-38503 10.0

This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesh...

Same vulnerability type (CWE-863)