HTTP: Cisco User-Changeable Password CSuserCGI.exe Cross-Site Scripting
This signature detects attempts to exploit a known vulnerability in Cisco User-Changeable Password. An attacker can create a malicious Web site containing Web pages using CSuserCGI executable as a vector for cross-site scripting, which if accessed by a victim, allows the attacker to take over the victim's browser.
Extended Description
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities. Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers. The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205. These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.
Affected Products
Cisco user-changeable_password_(ucp)
Short Name
HTTP:XSS:CISCO-CSUSERCGIXSS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CSuserCGI.exe CVE-2008-0533 Cisco Cross-Site Password Scripting User-Changeable bid:28222
Release Date
03/20/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Cisco
CVSS Score
4.3