Less critical

Cisco EPC3925 Cross-Site Request Forgery Vulnerability

-

Release Date:  2013-12-17    Views:  2,047

Secunia Advisory SA56016

Where:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Impact:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Solution Status:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Software:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

CVE Reference(s):

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Description


Jeroen has reported a vulnerability in Cisco EPC3925, which can be exploited by malicious people to conduct cross-site request forgery attacks


Log in with your Secunia community profile to view the full description of this Advisory. If you are an IT security professional, request a trial of the Secunia VIM.

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Cisco EPC3925 Cross-Site Request Forgery Vulnerability

User Message
Nerdbox RE: Cisco EPC3925 Cross-Site Request Forgery Vulnerability
Member 20th Dec, 2013 06:44
Score: 0
Posts: 1
User Since: 18th Dec 2013
System Score: N/A
Location: NL
Last edited on 20th Dec, 2013 06:50
There is also Persistent Cross Site Scripting in the Cisco EPC3925. There is client-side input validation, which can - of course - easily bypassed. I have created a proof of concept that stores the payload in the DDNS section.

More detailed information (video) @: http://www.nerdbox.it/cisco-epc3925-persistent-xss...

Combining Cross Site Request Forgery with Persistent Cross Site Scripting allows an (internal) attacker to take over the modem/router.

As a side note, the session cookie does not contain the HTTPOnly attribute, in other words javascript can access this cookie.

Needless to say, when the attacker uses a cookie stealer, the admin's session could be hijacked.

--
http://www.nerdbox.it
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.