CVE-2016-1327 - Vulnerability Details - OpenCVE

Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Dpc2203 Dpc2203 Cable Modem Firmware Epc2203 Epc2203 Cable Modem Firmware

Configuration 1 [-]

AND

cpe:2.3:h:cisco:dpc2203:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:dpc2203_cable_modem_firmware:r1_customer_image_base:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:cisco:epc2203:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:epc2203_cable_modem_firmware:r1_customer_image_base:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/84279
http://www.securitytracker.com/id/1035235
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2016-03-09T20:00:00

Updated: 2024-08-05T22:55:14.149Z

Reserved: 2016-01-04T00:00:00

Link: CVE-2016-1327

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-03-09T20:59:04.177

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-1327

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T15:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1035235", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035235"}, {"name": "20160309 Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre"}, {"name": "84279", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/84279"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2016-1327", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035235", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035235"}, {"name": "20160309 Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre"}, {"name": "84279", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84279"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.149Z"}, "title": "CVE Program Container", "references": [{"name": "1035235", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035235"}, {"name": "20160309 Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre"}, {"name": "84279", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/84279"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1327", "datePublished": "2016-03-09T20:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.149Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:dpc2203:-:*:*:*:*:*:*:*", "matchCriteriaId": "86EAC851-04F7-4E97-B2B7-E61D0C87DEA5", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:dpc2203_cable_modem_firmware:r1_customer_image_base:*:*:*:*:*:*:*", "matchCriteriaId": "0FF2F31C-B481-4F6F-8184-7A790AC99013", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:epc2203:-:*:*:*:*:*:*:*", "matchCriteriaId": "A75EF396-5211-4E74-AD5D-EA1DA9B36865", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:epc2203_cable_modem_firmware:r1_customer_image_base:*:*:*:*:*:*:*", "matchCriteriaId": "03BFB684-6767-44BF-9C66-ECF092145E9D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935."}, {"lang": "es", "value": "Desbordamiento de buffer en el servidor web en dispositivos Cisco DPC2203 y EPC2203 con firmware r1_customer_image permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocida como Bug ID CSCuv05935."}], "id": "CVE-2016-1327", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2016-03-09T20:59:04.177", "references": [{"source": "[email protected]", "url": "http://www.securityfocus.com/bid/84279"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id/1035235"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/84279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Primary"}]}