Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability

A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks.

The vulnerability is due to improper sanitization on user input performed by the HTTP Header Handler within the affected software while handling HTTP requests. An attacker could exploit this vulnerability by convincing a user to follow a malicious HTTP URL with crafted carriage return-line feed (CRLF) characters. When processed, such characters could allow the attacker to execute arbitrary script code in the browser in the security context of the affected site or to generate crafted responses for the user. This may allow the attacker to conduct further attacks on the targeted system.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.