CVE-2017-9480

CWE-200 — Information Exposure3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 81.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Dpc3939 Firmware

Timeline

PublishedJul 31

Latest updateMay 17

Description

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479 exploitation) to read arbitrary files via UPnP access to /var/IGD/.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/dpc3939_firmwaredpc3939-p20-18-v303r20421746-170221a-cmcst

🔴Vulnerability Details

GHSA

GHSA-rjx4-6pxq-6pqg: The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e↗2022-05-17

▶

CVEList

CVE-2017-9480: The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e↗2017-07-31

▶