VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2025
scientific_atlanta_webstar_dpc2100r2: Multiple cross-site request forgery (CSRF) vulnerab...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2025

Original

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-05-26
Source Information Category: Advisory, Alert
Last Updated: 2010-05-27




Affected Product Tags
cpe:/h:cisco:scientific_atlanta_webstar_dpc2100r2:2.0.2r1256-060303
 


Vulnerability Analysis Results
[Access Vector] Network (options: Undefined, Local, Adjacent Network, Network)
[Access Complexity] Medium (options: Undefined, High, Medium, Low)
[Authentication] None (options: Undefined, Multiple, Single, None)
[Confidentiality Impact] Partial (options: Undefined, None, Partial, Complete)
[Integrity Impact] Partial (options: Undefined, None, Partial, Complete)
[Availability Impact] Partial (options: Undefined, None, Partial, Complete)





References
BID 40346




FULLDISC 20100524 Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities




Vulnerability Type: Cross-Site Request Forgery (CSRF) (CWE-352)





Copyright © 2010 JPCERT/CC All Rights Reserved.