ID

VAR-201707-1042


CVE

CVE-2017-9477


TITLE

Cisco DPC3939 Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-006590

DESCRIPTION

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi hotspot. Cisco DPC3939 contains an information disclosure vulnerability. Information may be obtained. The Cisco DPC3939 is a wireless voice gateway product from Cisco. A security vulnerability exists in the Cisco DPC3939 firmware. Comcast is a set of firmware developed by Comcast Corporation of the United States that runs in devices such as gateways and modems.

Trust: 2.25

sources: NVD: CVE-2017-9477 // JVNDB: JVNDB-2017-006590 // CNVD: CNVD-2017-27791 // VULHUB: VHN-117680

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-27791

AFFECTED PRODUCTS

vendor: cisco, model: dpc3939, scope: eq, version: dpc3939-p20-18-v303r20421733-160420a-cmcst

Trust: 1.6

vendor: cisco, model: dpc3939, scope: eq, version: dpc3939-p20-18-v303r20421746-170221a-cmcst

Trust: 1.6

vendor: cisco, model: dpc3939 wireless residential voice gateway, scope: eq, version: dpc3939-p20-18-v303r20421733-160420a-cmcst

Trust: 0.8

vendor: cisco, model: dpc3939 wireless residential voice gateway, scope: eq, version: dpc3939-p20-18-v303r20421746-170221a-cmcst

Trust: 0.8

vendor: cisco, model: dpc3939 dpc3939-p20-18-v303r20421746-170221a-cmcst, scope: -, version: -

Trust: 0.6

vendor: cisco, model: dpc3939 dpc3939-p20-18-v303r20421733-160420a-cmcst, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-27791 // JVNDB: JVNDB-2017-006590 // CNNVD: CNNVD-201706-272 // NVD: CVE-2017-9477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9477
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-9477
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-27791
value: LOW

Trust: 0.6

CNNVD: CNNVD-201706-272
value: LOW

Trust: 0.6

VULHUB: VHN-117680
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-9477
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-27791
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-117680
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9477
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-27791 // VULHUB: VHN-117680 // JVNDB: JVNDB-2017-006590 // CNNVD: CNNVD-201706-272 // NVD: CVE-2017-9477

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-117680 // JVNDB: JVNDB-2017-006590 // NVD: CVE-2017-9477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-272

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-272

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006590

PATCH

title: Top Page, url: https://www.cisco.com/c/ja_jp/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2017-006590

EXTERNAL IDS

db: NVD, id: CVE-2017-9477

Trust: 3.1

db: JVNDB, id: JVNDB-2017-006590

Trust: 0.8

db: CNNVD, id: CNNVD-201706-272

Trust: 0.7

db: CNVD, id: CNVD-2017-27791

Trust: 0.6

db: VULHUB, id: VHN-117680

Trust: 0.1

sources: CNVD: CNVD-2017-27791 // VULHUB: VHN-117680 // JVNDB: JVNDB-2017-006590 // CNNVD: CNNVD-201706-272 // NVD: CVE-2017-9477

REFERENCES

url: https://github.com/bastilleresearch/cabletap/blob/master/doc/advisories/bastille-19.wifi-dhcp-cm-mac-leak.txt

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2017-9477

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9477

Trust: 0.8

sources: CNVD: CNVD-2017-27791 // VULHUB: VHN-117680 // JVNDB: JVNDB-2017-006590 // CNNVD: CNNVD-201706-272 // NVD: CVE-2017-9477

SOURCES

db: CNVD, id: CNVD-2017-27791
db: VULHUB, id: VHN-117680
db: JVNDB, id: JVNDB-2017-006590
db: CNNVD, id: CNNVD-201706-272
db: NVD, id: CVE-2017-9477

LAST UPDATE DATE

2025-04-20T23:22:19.315000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-27791, date: 2017-09-21T00:00:00
db: VULHUB, id: VHN-117680, date: 2017-08-03T00:00:00
db: JVNDB, id: JVNDB-2017-006590, date: 2017-08-30T00:00:00
db: CNNVD, id: CNNVD-201706-272, date: 2017-11-29T00:00:00
db: NVD, id: CVE-2017-9477, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-27791, date: 2017-09-21T00:00:00
db: VULHUB, id: VHN-117680, date: 2017-07-31T00:00:00
db: JVNDB, id: JVNDB-2017-006590, date: 2017-08-30T00:00:00
db: CNNVD, id: CNNVD-201706-272, date: 2017-06-09T00:00:00
db: NVD, id: CVE-2017-9477, date: 2017-07-31T03:29:00.270