7.5

CVE-2002-1706

EPSS 0.36%
Published 31.12.2002 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Version >= 11.3 <= 12.2

Cisco ≫ Ubr7100 Version-
Cisco ≫ Ubr7200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.554

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml

Patch

Vendor Advisory

Not Applicable

http://www.securityfocus.com/bid/5041

Patch

Third Party Advisory

Broken Link

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/9368

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2002-1706

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1706

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1706

EUVD