PT-2017-18955 · Cisco · Cisco Dpc3939
Chris Grayson
+2
·
Published
2017-07-31
·
Updated
2019-10-03
·
CVE-2017-9485
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco DPC3939 version dpc3939-P20-18-v303r20421746-170221a-CMCST
Description
The issue allows remote attackers to write arbitrary data to a known pathname, specifically /var/tmp/sess *, by leveraging the device's operation in UI dev mode.
Recommendations
For Cisco DPC3939 version dpc3939-P20-18-v303r20421746-170221a-CMCST, consider disabling the UI dev mode as a temporary workaround to minimize the risk of exploitation. Restrict access to the /var/tmp/sess * pathname to prevent arbitrary data writes until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Dpc3939