| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-1241 | 287 | | DoS | 2013-05-08 | 2013-05-08 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025. |
| 2 | CVE-2013-1226 | 119 | | DoS Overflow | 2013-04-29 | 2013-04-29 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
| The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098. |
| 3 | CVE-2013-1217 | 119 | | DoS Overflow | 2013-04-24 | 2013-04-24 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
| The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. |
| 4 | CVE-2013-1215 | 264 | | +Priv | 2013-04-25 | 2013-04-26 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete |
| The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. |
| 5 | CVE-2013-1200 | 287 | | | 2013-05-15 | 2013-05-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. |
| 6 | CVE-2013-1197 | 20 | | DoS | 2013-04-16 | 2013-04-16 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
| The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912. |
| 7 | CVE-2013-1196 | 20 | | | 2013-04-29 | 2013-04-30 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete |
| The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125. |
| 8 | CVE-2013-1173 | 119 | | Overflow +Priv | 2013-04-11 | 2013-04-11 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete |
| Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143. |
| 9 | CVE-2013-1172 | 20 | | +Priv | 2013-04-11 | 2013-04-11 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete |
| The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153. |
| 10 | CVE-2013-1161 | 20 | | DoS | 2013-03-25 | 2013-03-26 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383. |
| 11 | CVE-2013-1141 | 119 | | DoS Overflow | 2013-02-28 | 2013-03-07 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
| The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153. |
| 12 | CVE-2013-1131 | | | DoS | 2013-02-13 | 2013-02-14 | 6.4 | None | Local Network | Medium | Not required | None | Partial | Complete |
| Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182, CSCua91196, CSCud36155, and CSCua86190. |
| 13 | CVE-2013-1128 | 352 | | CSRF | 2013-02-15 | 2013-02-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information. |
| 14 | CVE-2013-1125 | 20 | | | 2013-02-19 | 2013-02-20 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete |
| The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042. |
| 15 | CVE-2013-1120 | 352 | | CSRF | 2013-02-06 | 2013-02-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910. |
| 16 | CVE-2013-1109 | 352 | | CSRF | 2013-01-17 | 2013-02-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067. |
| 17 | CVE-2012-6395 | 20 | | DoS | 2013-01-18 | 2013-02-02 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775. |
| 18 | CVE-2012-6026 | 119 | | DoS Overflow | 2013-03-05 | 2013-03-05 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
| The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460. |
| 19 | CVE-2012-5992 | 352 | | XSS CSRF | 2012-12-19 | 2013-01-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283. |
| 20 | CVE-2012-5991 | | | DoS | 2012-12-19 | 2013-01-30 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209. |
| 21 | CVE-2012-5717 | 264 | | DoS | 2013-01-18 | 2013-01-29 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462. |
| 22 | CVE-2012-5445 | 20 | | DoS Exec Code | 2012-12-28 | 2013-03-04 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete |
| The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. |
| 23 | CVE-2012-3908 | 352 | | CSRF | 2012-09-16 | 2013-03-25 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684. |
| 24 | CVE-2012-3895 | | | DoS | 2012-09-16 | 2013-01-24 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. |
| 25 | CVE-2012-3893 | | | DoS | 2012-09-16 | 2012-09-17 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. |
| 26 | CVE-2012-3052 | | | +Priv | 2012-09-16 | 2012-09-17 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
| Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. |
| 27 | CVE-2012-3051 | | | DoS | 2012-09-16 | 2013-03-21 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
| Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. |
| 28 | CVE-2012-2496 | 20 | | Exec Code | 2012-06-20 | 2012-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925. |
| 29 | CVE-2012-1338 | 362 | | DoS | 2012-08-06 | 2013-04-01 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. |
| 30 | CVE-2012-1327 | 16 | | DoS | 2012-05-03 | 2012-05-10 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
| dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. |
| 31 | CVE-2012-0337 | 89 | | Exec Code Sql | 2012-05-02 | 2012-05-11 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
| SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. |
| 32 | CVE-2011-4487 | 89 | | Exec Code Sql | 2012-02-29 | 2012-03-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. |
| 33 | CVE-2011-4231 | 20 | | DoS | 2012-05-03 | 2012-05-11 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
| Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. |
| 34 | CVE-2011-3293 | 352 | | XSS CSRF | 2012-05-02 | 2012-06-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. |
| 35 | CVE-2011-3274 | | | DoS | 2011-10-03 | 2012-05-14 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
| Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919. |
| 36 | CVE-2011-2678 | | | +Priv | 2011-07-07 | 2011-09-21 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete |
| The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression. |
| 37 | CVE-2011-2585 | 94 | | Exec Code | 2011-10-19 | 2012-01-11 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. |
| 38 | CVE-2011-2569 | 264 | | +Priv | 2011-10-27 | 2012-04-06 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete |
| Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. |
| 39 | CVE-2011-1610 | 89 | | Exec Code Sql | 2011-05-03 | 2011-05-11 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
| Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. |
| 40 | CVE-2011-1607 | 22 | | Dir. Trav. | 2011-05-03 | 2011-05-11 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
| Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603. |
| 41 | CVE-2011-1603 | 264 | | +Priv | 2011-06-02 | 2011-10-26 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete |
| Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815. |
| 42 | CVE-2011-1602 | 264 | | +Priv | 2011-06-02 | 2011-11-21 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete |
| The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426. |
| 43 | CVE-2011-0966 | 22 | 1 | Dir. Trav. | 2011-05-20 | 2011-05-24 | 6.8 | None | Remote | Low | Single system | Complete | None | None |
| Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577. |
| 44 | CVE-2011-0348 | 264 | | Bypass | 2011-01-28 | 2011-02-05 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
| Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917. |
| 45 | CVE-2010-4676 | 399 | | DoS | 2011-01-07 | 2011-02-02 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
| Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. |
| 46 | CVE-2010-4304 | 310 | | | 2010-11-22 | 2010-11-30 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
| The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048. |
| 47 | CVE-2010-3270 | 119 | | Exec Code Overflow | 2011-02-02 | 2011-02-03 | 6.8 | None | Remote | High | Multiple systems | Complete | Complete | Complete |
| Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed. |
| 48 | CVE-2010-3039 | 78 | | Exec Code | 2010-11-09 | 2010-11-18 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete |
| /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. |
| 49 | CVE-2010-2841 | | | DoS | 2010-09-10 | 2010-09-13 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
| Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938. |
| 50 | CVE-2010-2026 | 287 | | Bypass | 2010-05-26 | 2010-05-27 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
| The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. |