Local File Reading Vulnerability in Cisco DPC3939 Firmware by Comcast
CVE-2017-9480
5.5MEDIUM
Summary
A vulnerability exists in the Comcast firmware for Cisco DPC3939 devices that enables local users to exploit UPnP features to access arbitrary files located in the system, specifically in the /var/IGD/ directory. This access could potentially expose sensitive information if exploits take advantage of prior vulnerabilities that grant users command access.
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved