Cisco PSIRT reports that the vulnerability was first identified on an end-of-life (EOL) product, the DPR2320R2 Gateway. There is no fix planned for this EOL product. Newer-generation DOCSIS 2.0 products will have fixes made available through future releases. A fix for all DOCSIS 3.0 CPE-based products will be in the next GA release.
Updates are not available to end users; updates will be made available to service providers for deployment to their end users at their discretion.
To exploit the vulnerability, the attacker may provide a link via e-mail, instant messaging, or another form of communication that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Cisco would like to thank Marcos M. Garcia (@artsweb) for discovering this vulnerability.