4.3
MEDIUM
CVE-2012-3047
Cisco Scientific Atlanta D20 and D30 Cable Modems XSS
Description

Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

INFO

Published Date: Dec. 10, 2013, 7:55 p.m.
Last Modified: Dec. 12, 2013, 4:56 p.m.
Remotely Exploitable: Yes
Impact Score: 2.9
Exploitability Score: 8.6
Affected Products

The following products are affected by the CVE-2012-3047 vulnerability. Even if cvefeed.io is aware of the exact versions of the affected products, that information is not shown in the table below.

ID Vendor Product
1 Cisco scientific_atlanta_dpc\/epc_3208
2 Cisco scientific_atlanta_dpc\/epc2100
3 Cisco scientific_atlanta_dpc\/epc2202
4 Cisco scientific_atlanta_dpc\/epc2203
5 Cisco scientific_atlanta_dpc\/epc2325
6 Cisco scientific_atlanta_dpc\/epc2425
7 Cisco scientific_atlanta_dpc\/epc2434
8 Cisco scientific_atlanta_dpc\/epc2505
9 Cisco scientific_atlanta_dpc\/epc3010
10 Cisco scientific_atlanta_dpc\/epc3212
11 Cisco scientific_atlanta_dpc2420
12 Cisco scientific_atlanta_dpc3000\/epc3000
13 Cisco scientific_atlanta_dpc3008\/epc3008
14 Cisco scientific_atlanta_dpc3825
15 Cisco scientific_atlanta_dpc3925
16 Cisco scientific_atlanta_dpq\/epq2160
17 Cisco scientific_atlanta_dpq2202
18 Cisco scientific_atlanta_dpq2425
19 Cisco scientific_atlanta_dpq3212
20 Cisco scientific_atlanta_dpq3925
21 Cisco scientific_atlanta_dpr362
22 Cisco scientific_atlanta_dpw700
23 Cisco scientific_atlanta_dpw730
24 Cisco scientific_atlanta_dpw939
25 Cisco scientific_atlanta_dpw941
26 Cisco scientific_atlanta_dpx\/epx2100
27 Cisco scientific_atlanta_dpx\/epx2203
28 Cisco scientific_atlanta_dpx\/epx2203c
29 Cisco scientific_atlanta_dpx100\/120
30 Cisco scientific_atlanta_dpx110
31 Cisco scientific_atlanta_dpx130
32 Cisco scientific_atlanta_dpx213
33 Cisco scientific_atlanta_dpx2213
34 Cisco scientific_atlanta_epc2420
35 Cisco scientific_atlanta_epc3825
36 Cisco scientific_atlanta_epc3925
37 Cisco scientific_atlanta_wag310g
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2012-3047.

URL Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=26036 Vendor Advisory

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.19 (-0.02%)
Percentile: 0.56625

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability