CVE-2002-1706Improper Verification of Cryptographic Signature in Cisco IOS

CWE-347Improper Verification of Cryptographic SignatureCWE-20Improper Input Validation5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 41.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedDec 31
Latest updateApr 30

Description

Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios11.312.2

Patches

Patch: www.cisco.comPatch: www.securityfocus.comPatch: www.cisco.com

🔴Vulnerability Details

1
GHSA
GHSA-6fwh-897j-m5cj: Cisco IOS software 112022-04-30

📋Vendor Advisories

2
Cisco
Cable Modem Termination System Authentication Bypass2002-06-17
Cisco
Cable Modem Termination System Authentication Bypass

📐Framework References

1
CWE
Improper Verification of Cryptographic Signature
CVE-2002-1706 — Cisco IOS vulnerability | cvebase