Cisco Universal Broadband Routers allow attackers to bypass DOCSIS Message Integrity Check (MIC)
cisco-ubr-mic-bypass (9368)
Description:
Cisco uBR7200 series and uBR7100 series Universal Broadband Routers shipped with certain versions of Cisco IOS could allow a remote attacker to gain unauthorized service. A remote attacker can create an invalid DOCSIS (Data Over Cable Service Interface Specification) file that has no MIC (Message Integrity Check) signature for the cable modem and register it with a vulnerable router, which accepts the file, to gain unauthorized service for the cable modem.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your version of Cisco IOS, as listed in Cisco Security Advisory: Cable Modem Termination System Authentication Bypass. See References.
References:
- Cisco Systems Inc. Security Advisory, 2002 June 17 at 19:00 GMT: Cable Modem Termination System Authentication Bypass.
- BID-5041: Cisco uBR7200 / uBR7100 Universal Broadband Routers DOCSIS MIC Bypass Vulnerability
- CVE-2002-1706: Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
Platforms Affected:
- Cisco IOS 11.3NA
- Cisco IOS 11.3T
- Cisco IOS 11.3XA
- Cisco IOS 12.0
- Cisco IOS 12.0SC
- Cisco IOS 12.0T
- Cisco IOS 12.0XR
- Cisco IOS 12.1
- Cisco IOS 12.1CX
- Cisco IOS 12.1EC
- Cisco IOS 12.1T
- Cisco IOS 12.2
- Cisco IOS 12.2BC
- Cisco IOS 12.2T
- Cisco IOS 12.2XF
- Cisco uBR7100
- Cisco uBR7200
Reported:
Jun 17, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
