Executive Summary
Summary | |
---|---|
Title | Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160309-cmre | First vendor Publication | 2016-03-09 |
Vendor | Cisco | Last vendor Modification | 2016-03-09 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW4DOuAAoJEK89gD3EAJB5tk0P/39wydK60UHWXnvBw0CgmJeY 2Z/ScvcmkXjtVbNeD1c38JkmXlm383BS+K7wPpUYiC/UslDfojOB2Tx1/WYy/ESG b4AcOyYrYgpEieQH3paGWwecjA75FGvgu7xoByRcA5z4HlchDLs5m/r3sNRG2Pv0 ekYa9S1pUWhGIW6iPcbq7RVYPw9KF/YlE8Omn57bTNRXZ4B4QVH0PWPpSGG/zy9T VyrAhqFqCN8H45QycqSuz+4S7c4tr8Tz7AYfvL2TH4esdE8gdt6bG/j4erYTvP3v 2qSWDd8760vPStPsWdqhNI+kMYWUGmql1M4TFPfG1YEQ/QqS6axaKySKzXzrbf/j OeTUq7ZWm803tZDpbqSWHsy0qvqfkRoxBf9FVtSGZ/fb8qnM/7UINesd6VlFbIhx F8l1Oo250jLekfCEF+RY+P1MiWhdd1G/RCIa64bEfLENe9KZTfwatm1js86hbDbi LHI3SOtt68W9Txei007lCngBZbwe2QB66S49qe6CPOr9qopW2rwtiIyPL/FkbzkZ E1S9g+ScTYyEZEpjZSPNCA6ztLM4q2ez5dnbH3iGeMnviriU8FCkutQDL9x6lVuW Edj9n+nUdtn7JhpTMgspGrMpZsikYz02fuW9NxuzRK1fOSDFdKN8EBcCXHuDfhf7 ujCtz0djzTyAyB7q1FCl =su0m END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 |
Alert History
Date | Informations |
---|---|
2016-03-15 00:27:11 |
|
2016-03-09 21:29:14 |
|
2016-03-09 21:23:53 |
|