Signature Detail

HTTP: Cisco User-Changeable Password CSuserCGI.exe Cross-Site Scripting

This signature detects attempts to exploit a known vulnerability in Cisco User-Changeable Password. An attacker can create a malicious Web site containing Web pages using CSuserCGI executable as a vector for cross-site scripting, which if accessed by a victim, allows the attacker to take over the victim's browser.

Extended Description

Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities. Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers. The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205. These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.

Affected Products

• Cisco User-Changeable Password (UCP) 3.3.4.12.5
• Cisco User-Changeable Password (UCP)

References

• BugTraq: 28222
• CVE: CVE-2008-0533
• URL: http://www.securityfocus.com/archive/1/20080312.ucp@psirt.cisco.com
• URL: http://downloads.securityfocus.com/vulnerabilities/exploits/28222.html
• URL: http://www.securityfocus.com/archive/1/20080312174151.aaccc89b.fx@recurity-labs.com