Posted on 03/11/2016 6:54:58 PM PST by Utilizer
Cisco released software updates this week to patch several high severity vulnerabilities in the company’s cable modems, residential gateways and security appliances.
A couple of serious flaws in Cisco’s residential gateways were reported by Kyle Lovett, and Chris Watts of Tech Analysis.
Lovett discovered an information disclosure vulnerability (CVE-2016-1325) that allows a remote, unauthenticated attacker to access sensitive data on affected devices. The issue, caused by improper access restrictions, affects the Cisco DPC3941 Wireless Residential Gateway with Digital Voice and the DPC3939B Wireless Residential Voice Gateway.
Watts identified a denial-of-service (DoS) flaw affecting the Cisco DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway. The expert discovered that the devices improperly handle, process and terminate HTTP requests, allowing a remote, unauthenticated attacker to cause the system to enter a DoS condition (CVE-2016-1326).
(Excerpt) Read more at securityweek.com ...
Great. I just got one of these from Comcast. Is this patch done automatically?
Not ATTA. No mention of that there.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.