Cable Modem Termination System Authentication Bypass - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

Two issues are described in this security advisory.
The first issue involves cable modems not manufactured by Cisco that
allow a configuration file to be downloaded from an interface that is
not connected to the network of the cable modem's service provider.
This historical behavior allows an unauthorized configuration to be
downloaded to the cable modem. Cisco is providing a feature in its own
software that mitigates this vulnerability. This feature is documented
as CSCdx57688.
The second issue concerns a vulnerability in Cisco IOS Software on
only the Cisco uBR7200 series and uBR7100 series Universal Broadband
Routers. A defect, documented as CSCdx72740, allows the creation of a
truncated, invalid configuration file that is improperly accepted as
valid by the affected routers.
Both of these vulnerabilities have been exploited to steal service by
reconfiguring the cable modem to remove bandwidth restrictions.

See also :

http://www.nessus.org/u?cf56db7e
http://www.nessus.org/u?64d3c943

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20020617-cmts-md5-bypass.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 48966 (cisco-sa-20020617-cmts-md5-bypasshttp.nasl)

Bugtraq ID: 5041

CVE ID: CVE-2002-1706