HTTP: Cisco User-Changeable Password CSuserCGI.exe Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Cisco User-Changeable Password. An attacker can create a malicious Web site containing Web pages with a large query to the CSuserCGI executable, which if accessed by a victim, allows the attacker to gain control of the victim's system.
Extended Description
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities. Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers. The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205. These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.
Affected Products
Cisco user-changeable_password_(ucp)
Short Name
HTTP:CISCO:CSUSERCGI-BOF
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CSuserCGI.exe CVE-2008-0532 CVE-2008-0533 Cisco Overflow Password User-Changeable bid:28222
Release Date
03/19/2008
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Cisco
CVSS Score
10.0
4.3