Executive Summary

Title Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
Name cisco-sa-20160309-cmre First vendor Publication 2016-03-09
Vendor Cisco Last vendor Modification 2016-03-09
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.

The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.

Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre

BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW4DOuAAoJEK89gD3EAJB5tk0P/39wydK60UHWXnvBw0CgmJeY 2Z/ScvcmkXjtVbNeD1c38JkmXlm383BS+K7wPpUYiC/UslDfojOB2Tx1/WYy/ESG b4AcOyYrYgpEieQH3paGWwecjA75FGvgu7xoByRcA5z4HlchDLs5m/r3sNRG2Pv0 ekYa9S1pUWhGIW6iPcbq7RVYPw9KF/YlE8Omn57bTNRXZ4B4QVH0PWPpSGG/zy9T VyrAhqFqCN8H45QycqSuz+4S7c4tr8Tz7AYfvL2TH4esdE8gdt6bG/j4erYTvP3v 2qSWDd8760vPStPsWdqhNI+kMYWUGmql1M4TFPfG1YEQ/QqS6axaKySKzXzrbf/j OeTUq7ZWm803tZDpbqSWHsy0qvqfkRoxBf9FVtSGZ/fb8qnM/7UINesd6VlFbIhx F8l1Oo250jLekfCEF+RY+P1MiWhdd1G/RCIa64bEfLENe9KZTfwatm1js86hbDbi LHI3SOtt68W9Txei007lCngBZbwe2QB66S49qe6CPOr9qopW2rwtiIyPL/FkbzkZ E1S9g+ScTYyEZEpjZSPNCA6ztLM4q2ez5dnbH3iGeMnviriU8FCkutQDL9x6lVuW Edj9n+nUdtn7JhpTMgspGrMpZsikYz02fuW9NxuzRK1fOSDFdKN8EBcCXHuDfhf7 ujCtz0djzTyAyB7q1FCl =su0m END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Os 1
Os 1

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-03-15 00:27:11
  • Multiple Updates
2016-03-09 21:29:14
  • Multiple Updates
2016-03-09 21:23:53
  • First insertion