Cisco patches a bunch of cable modem vulns
HTTPS content inspection box also needs a fix
Cisco's joined the “residential broadband gateways with SOHOpeless security” club, announcing not one but three vulnerable systems.
At least, in this case, there's some chance that systems will get patched, since the products are predominantly sold through service provider partners.
The vulns are as follows:
Another gateway, the DPQ3925, has an HTTP handling error that exposes it to denial-of-service attacks.
Credit where due, though: The Register notes that the DPC2203 hasn't shipped since 2013.
The DPC3939 and 3941 are far more recent DOCSIS 3.0-capable systems.
Sysadmins will also want to get busy if they're using the Cisco ASA Content Security and Control Security Services Module, because it's got a denial-of-service vulnerability.
The system doesn't handle HTTPS packets properly, and if an attacker soaks the target device with HTTPS packets it can be crashed.
The bug is specific to Cisco ASA 5500 CSC-SSM devices cap-able of HTTPS inspection, with software prior to 6.6.1164.0 (or without hotfix 1157). ®