VAR-200212-0581
Vulnerability from variot - Updated: 2024-02-29 23:15Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. CMTS is running on Cisco IOS Due to deficiencies in Cisco uBR7100 and uBR7200 contains a vulnerability in which a configuration file with invalid parameters is applied.Cisco uBR7100 and uBR7200 may apply a configuration file with invalid parameters. A vulnerability has been announced which affects Cisco uBR7200 series and uBR7100 series Universal Broadband Routers under some versions of IOS. Invalid DOCSIS files without an MIC signature may be accepted by a vulnerable router, even if MIC signatures are required. Exploitation of this vulnerability may allow arbitrary configuration files to be accepted by the network. Even if the router configuration requires MIC signatures to receive files, it may incorrectly receive illegal DOCSIS configuration files, which may lead attackers to exploit This vulnerability reconfigures the router, removes related bandwidth restrictions and other illegal operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0581",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "cisco ios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco ios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "12.1"
},
{
"model": "cisco ios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "11.3"
},
{
"model": "cisco ios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "12.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.1cx"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.1ec"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.3t"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2bc"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2t"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2xf"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.3xa"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.1t"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1cx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 12.0xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3na",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "5041"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-158"
},
{
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2",
"versionStartIncluding": "11.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ubr7100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ubr7200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Systems Product Security Incident Response Team\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-158"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1706",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2002-1706",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-6089",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2002-1706",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1706",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-158",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6089",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6089"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-158"
},
{
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. CMTS is running on Cisco IOS Due to deficiencies in Cisco uBR7100 and uBR7200 contains a vulnerability in which a configuration file with invalid parameters is applied.Cisco uBR7100 and uBR7200 may apply a configuration file with invalid parameters. A vulnerability has been announced which affects Cisco uBR7200 series and uBR7100 series Universal Broadband Routers under some versions of IOS. \nInvalid DOCSIS files without an MIC signature may be accepted by a vulnerable router, even if MIC signatures are required. Exploitation of this vulnerability may allow arbitrary configuration files to be accepted by the network. Even if the router configuration requires MIC signatures to receive files, it may incorrectly receive illegal DOCSIS configuration files, which may lead attackers to exploit This vulnerability reconfigures the router, removes related bandwidth restrictions and other illegal operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1706"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"db": "BID",
"id": "5041"
},
{
"db": "VULHUB",
"id": "VHN-6089"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1706",
"trust": 3.3
},
{
"db": "BID",
"id": "5041",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000133",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200212-158",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "3008",
"trust": 0.6
},
{
"db": "XF",
"id": "9368",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20020617 CABLE MODEM TERMINATION SYSTEM AUTHENTICATION BYPASS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6089",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6089"
},
{
"db": "BID",
"id": "5041"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-158"
},
{
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"id": "VAR-200212-0581",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6089"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-29T23:15:29.315000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cmts-MD5-bypass-pub",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cmts-md5-bypass-pub.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.0
},
{
"problemtype": "Improper verification of digital signatures (CWE-347) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/5041"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/cmts-md5-bypass-pub.shtml"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9368"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1706"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/9368"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3008"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6089"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-158"
},
{
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6089"
},
{
"db": "BID",
"id": "5041"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-158"
},
{
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6089"
},
{
"date": "2002-06-17T00:00:00",
"db": "BID",
"id": "5041"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"date": "2002-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-158"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-6089"
},
{
"date": "2002-06-17T00:00:00",
"db": "BID",
"id": "5041"
},
{
"date": "2024-02-29T02:11:00",
"db": "JVNDB",
"id": "JVNDB-2002-000133"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-158"
},
{
"date": "2024-02-08T20:47:29.867000",
"db": "NVD",
"id": "CVE-2002-1706"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-158"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cable\u00a0Modem\u00a0Termination\u00a0System\u00a0 Vulnerability where configuration files with invalid parameters are applied in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000133"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-158"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…