5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
56.4%
A vulnerability in Cisco Headend System Release could allow an unauthenticated, remote attacker to download temporary script files.
The vulnerability is due to improper input validation of the HTTP request header. An attacker could exploit this vulnerability by manipulating the URL of an HTTP request. An exploit could allow the attacker to expose sensitive information on the device.
Cisco has confirmed the vulnerability; however, software updates are not available.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
CPE | Name | Operator | Version |
---|---|---|---|
headend system releases | eq | any | |
cisco headend system releases | eq | any |