[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 9 Mar 2016 11:06:36 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory:Cisco Wireless Residential Gateway with EDVA Denial of 
Service Vulnerability

Advisory ID: cisco-sa-20160309-cmdos

Revision 1.0

Published: 2016 March 9 16:00 GMT
+---------------------------------------------------------------------

Summary
========

A vulnerability in the web-based administration interface of Cisco Model 
DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an 
unauthenticated, remote attacker to cause the device to become unresponsive and 
restart, creating a denial of service (DoS) condition.
 
The vulnerability is due to improper handling, processing, and termination of 
HTTP requests. An attacker could exploit this vulnerability by sending crafted 
HTTP requests to management-enabled interfaces of an affected system.


Cisco has released software updates to its service provider customers that 
address the vulnerability described in this advisory. Prior to contacting Cisco 
TAC, customers are advised to contact their service providers to confirm the 
software deployed by the service provider includes the fix that addresses this 
vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW4DOlAAoJEK89gD3EAJB5zRcQAJJyH026GIx2Zntj9Z1Of9Wi
+jGDY9tK3JKLJtpaNsUA96lfFx37lXvxCitevru4JgWoXgUfQzsEOvu9QYILSokw
1vGF0gSVdGLg2MQEN22l0wdaoLPZrxPUnjza7W3f+9nl3xQ6s+i3EgfI3TkEFasw
t7ns5S2BmSp8qAoHSv+xdY30YY/DreFu9INsKAbPf0qgOssnyZnPu3MIsG/OUNXW
ra9QHDrn37yIDNsaZ/qKyiP69O5u1eVHAFojFsfO8u0eU20GrAF0xYDydXHMi2VA
9SFOikOPbOB45l1M41L8JFH9KDoOVW/h7rh8ose4FoQwtu5Vqe8SZsHoEeEyNkO5
+va4yzkNt8fnDXNlftIy9SJLxcgZsXhqM2ljoYOE7dS6c8rRA2CwqtBvL5SUTBLa
LCroJEEhhOKJMlZKkjMuoRfvMGyarxZWd8Gc9cR18mSvj4M+37XS5Km6wPAv+C4e
goEcJprFHZrE6jMVG8MjafLf3UmZk+DwIjyGpQFY8+UDOQY13KFpyeogMA3c65Ob
izn+fTBv8sygSVmYt0l5DMl++yDHP2L5MC88psvOzZYyLIgCpPki9Mz8ILM6Kudn
zEFUmdDlvV8hR2Rhiwvh2iJN28qG2cpkvTMtXCXy/TFH6gx/TpF4Qxz70Wql6+rB
zncLin8R6mnDXbPJ7EaS
=ZTRO
-----END PGP SIGNATURE-----

Prev by Date: Re: Windows Mail Find People DLL side loading vulnerability
Next by Date: Cisco Security Advisory:Cisco Wireless Residential Gateway Information Disclosure Vulnerability
Previous by thread: Re: OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference
Next by thread: Cisco Security Advisory:Cisco Wireless Residential Gateway Information Disclosure Vulnerability
Index(es):
- Date
- Thread