HTTP: Cisco EPC 3928 CVE-2015-6401 Command Injection
This signature detects attempts to exploit a known vulnerability against Cisco EPC 3928. A successful attack can lead to arbitrary code execution.
Extended Description
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.
Affected Products
Cisco epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter
References
CVE: CVE-2015-6401
Short Name
HTTP:CISCO:CISCO-EPC-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
3928 CVE-2015-6401 Cisco Command EPC Injection
Release Date
02/28/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Cisco
CVSS Score
7.5