Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0887

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-0887
Last Modified 21 Sep 2011 11:29:06
Published 08 Feb 2011 05:00:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0887

Summary

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.

Vulnerable Systems

Application

  • Smc Networks Smcd3g-ccr Firmware 1.4.0.42


References

MISC - https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt

XF - smcd3gccr-weak-security(65186)

BID - 46215

BUGTRAQ - 20110205 TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

EXPLOIT-DB - 16123

SREASON - 8068

SECUNIA - 43199

BUGTRAQ - 20110204 TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)


Last Updated: 27 May 2016 10:56:06