Vulnerability Details : CVE-2015-6401
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2015-6401
- Cisco » Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter » Version: 5.5.10
  CPE: cpe:2.3:o:cisco:epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter:5.5.10:*:*:*:*:*:*:*
- Cisco » Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter » Version: 5.5.11
  CPE: cpe:2.3:o:cisco:epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter:5.5.11:*:*:*:*:*:*:*
- Cisco » Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter » Version: 5.7.1
  CPE: cpe:2.3:o:cisco:epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter:5.7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6401
- 0.28%: Probability of exploitation activity in the next 30 days
- ~64%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6401
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2015-6401
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6401
- http://www.securitytracker.com/id/1034347
  Cisco Wireless Residential Gateway EPC3928 Lets Remote Users Execute Arbitrary Commands on the Target System - SecurityTracker
- https://www.exploit-db.com/exploits/39904/
  Cisco EPC 3928 - Multiple Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr
  Cisco Wireless Residential Unauthorized Command Vulnerability (Vendor Advisory)