ID

VAR-201707-1048


CVE

CVE-2017-9483


TITLE

Cisco DPC3939 vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-006520

DESCRIPTION

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands. The Cisco DPC3939 contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Cisco DPC3939 is a wireless voice gateway product from Cisco. A security vulnerability exists in the Cisco DPC3939 firmware that allows an attacker to execute arbitrary commands on an Application Processor (ARM) Linux instance on the gateway. The Comcast firmware is a set of firmware developed by Comcast Corporation of the United States that runs on devices such as gateways and modems. An attacker could exploit this vulnerability to gain root access by using shell metacharacters in commands.

Trust: 2.34

sources: NVD: CVE-2017-9483 // JVNDB: JVNDB-2017-006520 // CNVD: CNVD-2017-27785 // VULHUB: VHN-117686 // VULMON: CVE-2017-9483

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-27785

AFFECTED PRODUCTS

vendor: cisco, model: dpc3939, scope: eq, version: dpc3939-p20-18-v303r20421746-170221a-cmcst

Trust: 1.6

vendor: cisco, model: dpc3939 wireless residential voice gateway, scope: eq, version: dpc3939-p20-18-v303r20421746-170221a-cmcst

Trust: 0.8

vendor: cisco, model: dpc3939 dpc3939-p20-18-v303r20421746-170221a-cmcst, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-27785 // JVNDB: JVNDB-2017-006520 // CNNVD: CNNVD-201706-234 // NVD: CVE-2017-9483

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9483
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9483
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-27785
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-234
value: CRITICAL

Trust: 0.6

VULHUB: VHN-117686
value: HIGH

Trust: 0.1

VULMON: CVE-2017-9483
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9483
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-27785
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-117686
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9483
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-27785 // VULHUB: VHN-117686 // VULMON: CVE-2017-9483 // JVNDB: JVNDB-2017-006520 // CNNVD: CNNVD-201706-234 // NVD: CVE-2017-9483

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.1

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-117686 // JVNDB: JVNDB-2017-006520 // NVD: CVE-2017-9483

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-234

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-234

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006520

PATCH

title: Top Page, url: https://www.cisco.com/c/ja_jp/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2017-006520

EXTERNAL IDS

db: NVD, id: CVE-2017-9483

Trust: 3.2

db: JVNDB, id: JVNDB-2017-006520

Trust: 0.8

db: CNNVD, id: CNNVD-201706-234

Trust: 0.7

db: CNVD, id: CNVD-2017-27785

Trust: 0.6

db: VULHUB, id: VHN-117686

Trust: 0.1

db: VULMON, id: CVE-2017-9483

Trust: 0.1

sources: CNVD: CNVD-2017-27785 // VULHUB: VHN-117686 // VULMON: CVE-2017-9483 // JVNDB: JVNDB-2017-006520 // CNNVD: CNNVD-201706-234 // NVD: CVE-2017-9483

REFERENCES

url: https://github.com/bastilleresearch/cabletap/blob/master/doc/advisories/bastille-26.arbitrary-command-execution.txt

Trust: 2.6

url: https://nvd.nist.gov/vuln/detail/cve-2017-9483

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9483

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-27785 // VULHUB: VHN-117686 // VULMON: CVE-2017-9483 // JVNDB: JVNDB-2017-006520 // CNNVD: CNNVD-201706-234 // NVD: CVE-2017-9483

SOURCES

db: CNVD, id: CNVD-2017-27785
db: VULHUB, id: VHN-117686
db: VULMON, id: CVE-2017-9483
db: JVNDB, id: JVNDB-2017-006520
db: CNNVD, id: CNNVD-201706-234
db: NVD, id: CVE-2017-9483

LAST UPDATE DATE

2025-04-20T23:19:54.048000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-27785, date: 2017-09-21T00:00:00
db: VULHUB, id: VHN-117686, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2017-9483, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-006520, date: 2017-08-29T00:00:00
db: CNNVD, id: CNNVD-201706-234, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-9483, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-27785, date: 2017-09-21T00:00:00
db: VULHUB, id: VHN-117686, date: 2017-07-31T00:00:00
db: VULMON, id: CVE-2017-9483, date: 2017-07-31T00:00:00
db: JVNDB, id: JVNDB-2017-006520, date: 2017-08-29T00:00:00
db: CNNVD, id: CNNVD-201706-234, date: 2017-06-08T00:00:00
db: NVD, id: CVE-2017-9483, date: 2017-07-31T03:29:00.473