Cisco: CISCO-SA-20150619-CVE-2015-4202
History: Jun 19, 2015 - 5:56 p.m.

Cisco uBR10000 Series Universal Broadband Routers Information Disclosure Vulnerability

2015-06-19 17:56:34
tools.cisco.com
CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.001
Percentile: 50.4%

A vulnerability in the processing of IP Detail Record (IPDR) packets on Cisco uBR10000 devices could allow an unauthenticated, remote attacker to gather a limited amount of IPDR data from the affected device.

The vulnerability is due to the inability of Cisco Cable Modem Termination Systems (CMTS) to define access control lists (ACLs) specific to the IPDR service to block unauthorized users. An attacker could exploit this vulnerability by sending crafted IPDR packets requesting that a limited amount of information from an affected CMTS is exported back to the attacker’s IP address. A successful exploit could allow the attacker to gather a limited amount of IPDR data from the affected device.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, the attacker must send crafted IPDR packets to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.

Only MAC addresses on devices behind the CMTS device and a total number of bytes can be gathered from a CMTS device. A successful exploit does not provide an attacker with any information that maps MAC addresses to user ID information.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
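
Because the advisory ties exposure to who can reach the IPDR service on the CMTS, one practical check is to review flow records for IPDR connections from sources that are not known collectors. The following is an added example, not part of the Cisco advisory; it assumes IPDR/SP on its IANA-registered TCP port 4737, a hypothetical "src dst proto dport bytes" flow-log format, and constructed documentation-range addresses.

```python
import ipaddress

# Assumptions (not from the advisory): IPDR/SP listens on IANA TCP port 4737,
# and the CMTS / collector addresses below are constructed placeholders.
IPDR_PORT = 4737
CMTS_ADDRS = {ipaddress.ip_address("192.0.2.10")}
COLLECTOR_NETS = [ipaddress.ip_network("198.51.100.0/28")]

# Constructed sample flow records: src dst proto dst_port bytes
SAMPLE_FLOWS = """\
198.51.100.5 192.0.2.10 tcp 4737 18234
203.0.113.77 192.0.2.10 tcp 4737 412
203.0.113.77 192.0.2.10 tcp 22 96
198.51.100.200 192.0.2.10 tcp 4737 388
203.0.113.9 192.0.2.99 tcp 4737 120
malformed line
"""


def parse_flow(line):
    """Return (src, dst, proto, dport, nbytes), or None for an unparsable line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        dport, nbytes = int(parts[3]), int(parts[4])
    except ValueError:
        return None
    return src, dst, parts[2].lower(), dport, nbytes


def unauthorized_ipdr_flows(text):
    """List IPDR flows to a CMTS whose source is outside the collector allowlist."""
    hits = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, dport, nbytes = flow
        if proto != "tcp" or dport != IPDR_PORT or dst not in CMTS_ADDRS:
            continue  # not IPDR traffic aimed at a monitored CMTS
        if not any(src in net for net in COLLECTOR_NETS):
            hits.append((str(src), str(dst), nbytes))
    return hits


if __name__ == "__main__":
    for src, dst, nbytes in unauthorized_ipdr_flows(SAMPLE_FLOWS):
        print(f"unexpected IPDR peer {src} -> {dst} ({nbytes} bytes)")
```

Any hit is a source that should be blocked upstream of the CMTS or added to the collector list after review.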
