CVE-2016-1327
published 2016-03-09CVE-2016-1327: Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a…
PriorityP264critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
6.85%
93.2th percentile
Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cable_modem_with_digital_voice | — | — |
| cisco | dpc2203_cable_modem_firmware | — | — |
| cisco | epc2203_cable_modem_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect crafted HTTP requests targeting the Cisco DPC2203/EPC2203 web server; any malformed or oversized HTTP request to the device's web interface should be flagged as a potential exploitation attempt of this buffer overflow. ↗
- →The vulnerability is exploitable by unauthenticated remote attackers, so monitor for unexpected or anomalous HTTP traffic directed at Cisco DPC2203/EPC2203 cable modem web interfaces from external/untrusted sources. ↗
- →Flag devices running firmware version 'r1_customer_image' on Cisco DPC2203 or EPC2203 as vulnerable and prioritize for patching or network isolation. ↗
- ·No workarounds are available for this vulnerability; remediation requires a firmware update distributed through the service provider, not directly from Cisco. ↗
- ·Customers must contact their service providers (not Cisco TAC directly) to obtain the patched firmware, as updates are released to service providers. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
vendor_cisco·2016-03-10·CVSS 10.0
CVE-2016-1327 [CRITICAL] CWE-20 Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.
The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.
Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds
Cisco
Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
vendor_cisco
CVE-2016-1327 Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
CVE-2016-1327: Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability.
GHSA
GHSA-mpm2-q4w3-64vg: Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary co
ghsa_unreviewed·2022-05-17
CVE-2016-1327 [CRITICAL] CWE-119 GHSA-mpm2-q4w3-64vg: Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary co
Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/84279http://www.securitytracker.com/id/1035235https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmrehttp://www.securityfocus.com/bid/84279http://www.securitytracker.com/id/1035235https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre
2016-03-09
Published