// For flags

CVE-2017-9485

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leveraging the device's operation in UI dev mode.

El firmware Comcast en los dispositivos Cisco DPC3939 (versiĆ³n de firmware dpc3939-P20-18-v303r20421746-170221a-CMCST), permite a los atacantes remotos escribir datos arbitrarios en un nombre de ruta conocida /var/tmp/sess_* mediante el aprovechamiento de la operaciĆ³n del dispositivo en modo dev de la interfaz de usuario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-06-07 CVE Reserved
  • 2017-07-31 CVE Published
  • 2023-06-09 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Dpc3939 Firmware
Search vendor "Cisco" for product "Dpc3939 Firmware"
 dpc3939-p20-18-v303r20421746-170221a-cmcst
Search vendor "Cisco" for product "Dpc3939 Firmware" and version "dpc3939-p20-18-v303r20421746-170221a-cmcst"
-
Affected
in Cisco
Search vendor "Cisco"
 Dpc3939
Search vendor "Cisco" for product "Dpc3939"
--
Safe