This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch
Two issues are described in this security advisory.
The first issue involves cable modems not manufactured by Cisco that
allow a configuration file to be downloaded from an interface that is
not connected to the network of the cable modem's service provider.
This historical behavior allows an unauthorized configuration to be
downloaded to the cable modem. Cisco is providing a feature in its own
software that mitigates this vulnerability. This feature is documented
The second issue concerns a vulnerability in Cisco IOS Software on
only the Cisco uBR7200 series and uBR7100 series Universal Broadband
Routers. A defect, documented as CSCdx72740, allows the creation of a
truncated, invalid configuration file that is improperly accepted as
valid by the affected routers.
Both of these vulnerabilities have been exploited to steal service by
reconfiguring the cable modem to remove bandwidth restrictions.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false
Nessus Plugin ID: 48966 (cisco-sa-20020617-cmts-md5-bypasshttp.nasl)
Bugtraq ID: 5041
CVE ID: CVE-2002-1706
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.