PT-2017-2836 · Comcast+1 · Comcast Firmware+2

Chris Grayson +2 · Published 2017-07-31 · Updated 2019-10-03 · CVE-2017-9482

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Comcast firmware on Cisco DPC3939 version dpc3939-P20-18-v303r20421746-170221a-CMCST

Description

The issue is related to insufficient access control in the TELNET session of the Comcast firmware on Cisco DPC3939 devices. This allows a remote attacker to gain root access to the Network Processor Linux system by exploiting the vulnerability and establishing a TELNET session.

Recommendations

For Comcast firmware on Cisco DPC3939 version dpc3939-P20-18-v303r20421746-170221a-CMCST, consider disabling the TELNET daemon as a temporary workaround until a patch is available. Restrict access to the TELNET session to minimize the risk of exploitation.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2017-02116
CVE-2017-9482

Affected Products

Cisco Dpc3939
Comcast Firmware
Network Processor Linux