Lucene search

MitreCVE-2017-9490

HistoryJul 31, 2017 - 3:29 a.m.

CVE-2017-9490

2017-07-3103:29:00

CWE-352

mitre

web.nvd.nist.gov

comcast

firmware

arris tg1682g

csrf

configuration changes

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

44.9%

JSON

The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.

Affected configurations

Nvd

Node

ciscodpc3939b_firmwareMatchdpc3939b-v303r204217-150321a-cmcst

AND

ciscodpc3939bMatch-

Node

arristg1682g_firmwareMatch10.0.132.sip.pc20.ct

arristg1682g_firmwareMatchtg1682_2.2p7s2_prod_sey

AND

commscopearris_tg1682gMatch-

VendorProductVersionCPE
ciscodpc3939b_firmwaredpc3939b-v303r204217-150321a-cmcstcpe:2.3:o:cisco:dpc3939b_firmware:dpc3939b-v303r204217-150321a-cmcst:*:*:*:*:*:*:*
ciscodpc3939b-cpe:2.3:h:cisco:dpc3939b:-:*:*:*:*:*:*:*
arristg1682g_firmware10.0.132.sip.pc20.ctcpe:2.3:o:arris:tg1682g_firmware:10.0.132.sip.pc20.ct:*:*:*:*:*:*:*
arristg1682g_firmwaretg1682_2.2p7s2_prod_seycpe:2.3:o:arris:tg1682g_firmware:tg1682_2.2p7s2_prod_sey:*:*:*:*:*:*:*
commscopearris_tg1682g-cpe:2.3:h:commscope:arris_tg1682g:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	dpc3939b_firmware	dpc3939b-v303r204217-150321a-cmcst	cpe:2.3:o:cisco:dpc3939b_firmware:dpc3939b-v303r204217-150321a-cmcst:::::::*
cisco	dpc3939b	-	cpe:2.3:h:cisco:dpc3939b:-:::::::*
arris	tg1682g_firmware	10.0.132.sip.pc20.ct	cpe:2.3:o:arris:tg1682g_firmware:10.0.132.sip.pc20.ct:::::::*
arris	tg1682g_firmware	tg1682_2.2p7s2_prod_sey	cpe:2.3:o:arris:tg1682g_firmware:tg1682_2.2p7s2_prod_sey:::::::*
commscope	arris_tg1682g	-	cpe:2.3:h:commscope:arris_tg1682g:-:::::::*

References

github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

44.9%

JSON

Related for CVE-2017-9490