vendor: User-Changeable Password (UCP)
by: SecurityFocus
CVSS: 8.8 (HIGH)
Cross-site scripting and buffer-overflow vulnerabilities
CWE: 79 (Cross-site Scripting), 119 (Buffer Overflow)
Product Name: User-Changeable Password (UCP)
Affected Version From: Prior to UCP 4.2
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: a:cisco:user-changeable_password
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2008
Cisco User-Changeable Password (UCP) Multiple Remote Vulnerabilities
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities. Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
Mitigation:
Upgrade to UCP 4.2 or later