CVE-2021-1540— Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-1540
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco ASR 5000授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco ASR 5000是美国思科(Cisco)公司的一款5000系列网关产品。 Cisco ASR 5000 Series 所有版本存在授权问题漏洞,该漏洞允许远程用户获得对系统的未经授权的访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco ASR 5000 Series Software | n/a | - |
II. Public POCs for CVE-2021-1540
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-1540
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7nvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2021-1540
Same Patch Batch · Cisco · 2021-06-04 · 15 CVEs total
| CVE-2021-1539 | 8.1 HIGH | Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities |
| CVE-2021-1528 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2021-1526 | 7.8 HIGH | Cisco Webex Player Memory Corruption Vulnerability |
| CVE-2021-1503 | 7.8 HIGH | Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability |
| CVE-2021-1502 | 7.8 HIGH | Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability |
| CVE-2021-1564 | 6.5 MEDIUM | Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery and Link Layer Discovery P |
| CVE-2021-1563 | 6.5 MEDIUM | Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery and Link Layer Discovery P |
| CVE-2021-1537 | 6.2 MEDIUM | Cisco ThousandEyes Recorder Information Disclosure Vulnerability |
| CVE-2021-1544 | 5.5 MEDIUM | Cisco Webex Meetings Client Software Logging Information Disclosure Vulnerability |
| CVE-2021-1527 | 5.3 MEDIUM | Cisco Webex Player Memory Corruption Vulnerability |
| CVE-2021-1517 | 5.0 MEDIUM | Cisco Webex Meetings and Webex Meetings Server Multimedia Sharing Security Bypass Vulnerab |
| CVE-2021-1536 | 4.8 MEDIUM | Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulner |
| CVE-2021-1538 | 4.7 MEDIUM | Cisco Common Services Platform Collector Command Injection Vulnerability |
| CVE-2021-1525 | 4.7 MEDIUM | Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco ASR 5000 Series Software
- CVE-2021-1424
Cisco ASR 5000 Series Software (StarOS) ipsecmgr Process De - CVE-2023-20046
Cisco StarOS 安全漏洞 - CVE-2023-20051
Cisco Packet Data Network Gateway IPsec ICMP Denial of Servi - CVE-2022-20665
Cisco StarOS Command Injection Vulnerability - CVE-2021-1539
Cisco ASR 5000 Series Software Authorization Bypass Vulnerab
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-863
- CVE-2026-42571
Privilege Escalation Attack affecting Pelican Web UI - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi
V. Comments for CVE-2021-1540
No comments yet