CVE-2010-2025

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html	Exploit
http://www.securityfocus.com/bid/40346

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:scientific_atlanta_webstar_dpc2100r2:2.0.2r1256-060303:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-05-26 19:30

Updated : 2023-12-10 11:03

NVD link : CVE-2010-2025

Mitre link : CVE-2010-2025

CVE.ORG link : CVE-2010-2025

JSON object : View

Products Affected

cisco

scientific_atlanta_webstar_dpc2100r2

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2010-2025", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2010-05-26T19:30:01.390", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/40346", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la interfaz web en el cable modem Cisco Scientific Atlanta WebSTAR DPC2100R2 con firmware 2.0.2r1256-060303 permite a atacantes remotos secuestrar la autenticaci\u00f3n de adminsitradores para peticiones que (1) resetean el modem, (2) borran el firmware, (3) change the administrative password, (4) instala firmware modificado, or (5) cambia los niveles de acceso, como se demostr\u00f3 con una petici\u00f3n goform/_aslvl."}], "lastModified": "2010-05-27T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:scientific_atlanta_webstar_dpc2100r2:2.0.2r1256-060303:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81CAE5FA-2676-4D86-8DBE-8675B2D87E00"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}