Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities

Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.

Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.

The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.

These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.


Privacy Statement
Copyright 2010, SecurityFocus