ID
VAR-201707-1013
CVE
CVE-2017-9487
TITLE
Cisco DPC3939 and DPC3941T Vulnerable to information disclosure
Trust: 0.8
DESCRIPTION
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover a WAN IPv6 IP address by leveraging knowledge of the CM MAC address. Cisco DPC3939 and DPC3941T Contains an information disclosure vulnerability.Information may be obtained. The Cisco DPC3939 and DPC3941T are both Cisco Wireless Voice Gateway products. Comcast is a firmware developed by Comcast, Inc., which runs on devices such as gateways and modems. A security vulnerability exists in the Cisco DPC3939 using the dpc3939-P20-18-v303r20421746-170221a-CMCST firmware and the Comcast firmware in the DPC3941T using the DPC3941_2.5s3_PROD_sey firmware. A remote attacker could exploit this vulnerability to obtain a WANIPv6 IP address
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | dpc3941t | scope: | eq | version: | dpc3941_2.5s3_prod_sey | Trust: 1.6 |
| vendor: | cisco | model: | dpc3939 | scope: | eq | version: | dpc3939-p20-18-v303r20421746-170221a-cmcst | Trust: 1.6 |
| vendor: | cisco | model: | dpc3939 wireless residential voice gateway | scope: | eq | version: | dpc3939-p20-18-v303r20421746-170221a-cmcst | Trust: 0.8 |
| vendor: | cisco | model: | dpc3941t wireless residential voice gateway | scope: | eq | version: | dpc3941_2.5s3_prod_sey | Trust: 0.8 |
| vendor: | cisco | model: | dpc3939 dpc3939-p20-18-v303r20421746-170221a-cmcst | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | dpc3941t dpc3941 2.5s3 prod sey | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | トップページ | url: | https://www.cisco.com/c/ja_jp/index.html | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-9487 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2017-006524 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201706-230 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-26623 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-117690 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/bastilleresearch/cabletap/blob/master/doc/advisories/bastille-30.wan0-ipv6-cm-mac.txt | Trust: 3.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-9487 | Trust: 1.4 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9487 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2017-26623 |
| db: | VULHUB | id: | VHN-117690 |
| db: | JVNDB | id: | JVNDB-2017-006524 |
| db: | CNNVD | id: | CNNVD-201706-230 |
| db: | NVD | id: | CVE-2017-9487 |
LAST UPDATE DATE
2025-04-20T23:32:11.011000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-26623 | date: | 2017-09-14T00:00:00 |
| db: | VULHUB | id: | VHN-117690 | date: | 2017-08-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-006524 | date: | 2017-08-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-230 | date: | 2017-11-30T00:00:00 |
| db: | NVD | id: | CVE-2017-9487 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-26623 | date: | 2017-09-14T00:00:00 |
| db: | VULHUB | id: | VHN-117690 | date: | 2017-07-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-006524 | date: | 2017-08-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-230 | date: | 2017-06-08T00:00:00 |
| db: | NVD | id: | CVE-2017-9487 | date: | 2017-07-31T03:29:00.597 |