Cisco Cable Modem Termination System Authentication Bypass Vulnerability

Reported June 17, 2002, by Cisco Systems.

VERSIONS AFFECTED

 

  • Cisco Systems uBR7200 series and uBR7100 series Universal Broadband Routers

DESCRIPTION
A vulnerability exists in Cisco Systems' uBR7200 series and uBR7100 series Universal Broadband Routers that lets an attacker download unauthorized configuration files to cable modems. A defect, documented as CSCdx72740, lets an intruder create a truncated, invalid configuration file that the affected routers improperly accept as valid. An attacker typically exploits this vulnerability to steal service by reconfiguring the cable modem to remove bandwidth restrictions that an ISP has put in place.

 

VENDOR RESPONSE

Cisco Systems has issued a notice regarding these vulnerabilities and recommends that affected users obtain a software upgrade through typical support channels.

 

CREDIT
Discovered by Cisco Systems.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish