Cisco User-Changeable Password Remote Buffer Overflow Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Cisco User-Changeable Password (UCP), which could be exploited by remote attackers to execute arbitrary scripting code, cause a denial of service or take complete control of an affected system.
1. Buffer overflow errors in the HTTP interface occur when processing overly long arguments (e.g. "Logout", "Main", or "ChangePass") passed to the "CSuserCGI.exe" script. Remote unauthenticated attackers could exploit them to crash an affected application or execute arbitrary code.
2. An input validation error in the HTTP interface occurs when processing the "Help" parameter passed to the "CSuserCGI.exe" script. Attackers could exploit it to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected application.
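To check whether a UCP server has received requests matching either issue, the web server's access log can be reviewed. The following is an added example, not part of the advisory or Cisco's tooling. It assumes Combined Log Format, arguments carried in the query string, a 256-character length cut-off, and a placeholder `/ucp/` path; all of these are assumptions to adjust for the real deployment.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: the advisory gives no length limit; 256 is an arbitrary review cut-off.
MAX_ARG_LEN = 256
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>]")

def classify(line):
    """Return the findings for one access-log line (empty list if nothing matches)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/csusercgi.exe"):
        return []
    # Split before decoding so an encoded separator cannot hide a long token.
    tokens = [unquote(t) for t in re.split(r"[+&=]", url.query)]
    findings = []
    if max(len(t) for t in tokens) > MAX_ARG_LEN:
        findings.append("long-argument")      # issue 1: overly long argument
    if tokens[0].lower() == "help" and any(MARKUP_RE.search(t) for t in tokens[1:]):
        findings.append("help-markup")        # issue 2: markup in the Help parameter
    return findings

def scan(lines):
    """Return (line_number, findings) for every line that matched."""
    hits = []
    for n, line in enumerate(lines, 1):
        findings = classify(line)
        if findings:
            hits.append((n, findings))
    return hits

# Constructed sample lines (not captured traffic); "/ucp/" is a placeholder path.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2008:10:00:01 +0000] "GET /ucp/CSuserCGI.exe?Main HTTP/1.1" 200 512',
    '192.0.2.77 - - [12/Mar/2008:10:00:05 +0000] "GET /ucp/CSuserCGI.exe?Logout+'
    + "A" * 300 + ' HTTP/1.1" 500 0',
    '192.0.2.78 - - [12/Mar/2008:10:00:09 +0000] "GET /ucp/CSuserCGI.exe?Help+%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 640',
    '192.0.2.10 - - [12/Mar/2008:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(findings)}")
```

Access logs normally omit POST bodies, so arguments sent that way will not appear in this review.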
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Cisco User-Changeable Password (UCP) versions prior to 4.2
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Upgrade to Cisco User-Changeable Password (UCP) version 4.2:
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml#software
Vulnerability Identifier
Source
Related Link