CVE-2015-4202: Infoleak
First published: Sat Jun 20 2015(Updated: )
Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Puppet Cisco IOS | =12.2\(33\)sch | |
| Puppet Cisco IOS | =12.2sch | |
| Cisco uBR10000 Cable Modem Termination System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-4202?
CVE-2015-4202 has a medium severity rating due to the potential exposure of sensitive information.
How do I fix CVE-2015-4202?
To fix CVE-2015-4202, update your Cisco IOS to a version that addresses this vulnerability.
What systems are affected by CVE-2015-4202?
CVE-2015-4202 affects Cisco IOS versions 12.2(33)SCH and 12.2SCH on uBR10000 routers.
What kind of information can be accessed through CVE-2015-4202?
CVE-2015-4202 allows attackers to access sensitive MAC address and network utilization information.
Is CVE-2015-4202 an authenticated vulnerability?
CVE-2015-4202 can be exploited remotely without authentication, increasing its risk.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/puppet cisco ios
- version/puppet cisco ios/12.2\(33\)sch
- version/puppet cisco ios/12.2sch
- canonical/cisco ubr10000 cable modem termination system