Cisco Wireless Residential Unauthorized Command Vulnerability

2015-12-0800:00:00

tools.cisco.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.7%

JSON

A vulnerability with web interface access authentication of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to issue a subset of commands as the administrator without authenticating to the device.

The vulnerability is due to lack of authentication required for certain administrative functions through the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. An exploit could allow the attacker to execute a subset of administrator functions without being authenticated.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr”]

Affected configurations

Vulners

Node

ciscoepc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapterMatchany

ciscoepc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapterMatch8x4_wireless_residential_gateway_with_edva

CPENameOperatorVersion
cisco model epc3928 docsis 3.0 8x4 wireless residential gateway with edvaeqany
cisco model epc3928 docsis 3.0eq8x4 Wireless Residential Gateway with EDVA

CPE	Name	Operator	Version
	cisco model epc3928 docsis 3.0 8x4 wireless residential gateway with edva	eq	any
	cisco model epc3928 docsis 3.0	eq	8x4 Wireless Residential Gateway with EDVA