Service providers will be able to issue the update to the firmware on the consumers’ behalf as part of their software maintenance procedures. There is no fix planned for this EOL product. Affected Products Vendor announcements are not available. A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. Cisco Security Vulnerability Policy To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy.

Uploader: Nikohn
Date Added: 24 September 2012
File Size: 44.70 Mb
Operating Systems: Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X
Downloads: 12504
Price: Free* [*Free Regsitration Required]

Home Skip to content Skip to footer.

Garcia artsweb for discovering this scientific atlanta epc2203 modem. To exploit the vulnerability, the attacker may provide a link via e-mail, instant messaging, or another form of communication that directs a user to a malicious scientific atlanta epc2203 modem and use misleading ec2203 or instructions to persuade the user to follow the provided link. Cisco Scientific Atlanta cable modems D20 and D30 based products contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.

Scientific Atlanta EPC2203

Service providers will be able to issue the update to the firmware on the consumers’ behalf as part of their moddem maintenance procedures. There is no fix planned for this EOL product.

Version Description Section Status Date 1. Workarounds Administrators are advised to contact the vendor regarding future updates and releases.

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability wpc2203 to applying updated scientific atlanta epc2203 modem Cisco would like to thank Marcos M.

Administrators are advised to sceintific the vendor regarding future updates and releases. Fixed Software Cisco will be releasing fixed software versions in an upcoming GA release for the following products: This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. Cisco scientific atlanta epc2203 modem be releasing fixed software versions in an upcoming GA release for the following products: A atlnta scientific atlanta epc2203 modem or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors.

Affected Products Vendor announcements are not available.

Administrators are advised to monitor affected systems. Proof-of-concept code is publicly available. Cisco Security Vulnerability Policy.

Cisco Scientific Atlanta D20 and D30 Based Cable Modem Cross-Site Scripting Vulnerability

Cisco will be releasing fixed software versions in an upcoming GA release for the following products:. Cisco has confirmed this vulnerability, and updates will be made available to service providers.

An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a website scientific atlanta epc2203 modem is designed to submit a crafted HTTP POST request to the web interface of the affected product.

The vulnerability is due to insufficient sanitization of user-supplied input to the web wizard setup web page. No other Cisco products are currently known to be affected by these vulnerabilities. Cisco Security Vulnerability Policy To learn about Cisco security vulnerability disclosure policies scientific atlanta epc2203 modem publications, see the Security Vulnerability Policy.

The information in this document is intended for end-users of Cisco products. Vendor announcements are not available. Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them. Updates are not available to end users; updates will be made available to service providers for deployment to their end users at their discretion.