Cisco Scientific Atlanta D20 and D30 Based Cable Modem Cross-Site Scripting Vulnerability
Cisco-SA-20120613-CVE-2012-3047 · Medium · Published · Updated
Cisco Scientific Atlanta cable modems (D20 and D30 based products) contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input to the web wizard setup web page. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a website that is designed to submit a crafted HTTP POST request to the web interface of the affected product. If the user visits the malicious page, the attacker could execute arbitrary script code in the user's browser with the security context of the affected site. Proof-of-concept code is publicly available. Cisco has confirmed this vulnerability, and updates will be made available to service providers.
Cisco PSIRT reports that the vulnerability was first identified on an end-of-life (EOL) product, the DPR2320R2 Gateway. There is no fix planned for this EOL product. Newer-generation DOCSIS 2.0 products will have fixes made available through future releases. A fix for all DOCSIS 3.0 CPE based products will be in the next GA release. Updates are not available to end users; updates will be made available to service providers for deployment to their end users at their discretion.
To exploit the vulnerability, the attacker may provide a link via e-mail, instant messaging, or another form of communication that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Cisco would like to thank Marcos M. Garcia (@artsweb) for discovering this vulnerability.
Workarounds
Administrators are advised to contact the vendor regarding future updates and releases.
Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.
The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software:
Understanding Cross-Site Scripting (XSS) Threat Vectors: http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss
Users should verify that unsolicited links are safe to follow.
Administrators are advised to monitor affected systems.
| CVEs | CVE-2012-3047 |
|---|---|
| Cisco Bug IDs | NA |
| CVSS Score | Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:U/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND |
| Product Names From Source | Cisco Scientific Atlanta WebSTAR Cable Modem |