Remote Mac Address Discovery Vulnerability in Cisco DPC3939 Firmware
CVE-2017-9484

7.5HIGH

Key Information:

Vendor: Cisco
Status: Dpc3939 Firmware
Vendor: CVE Published:; 31 July 2017

Summary

The firmware on specific Cisco DPC3939 devices exposes a security flaw that allows remote attackers to ascertain the cable modem's MAC address. By sniffing Wi-Fi traffic and performing basic arithmetic operations, malicious actors can exploit this vulnerability to discover sensitive network information, potentially leading to unauthorized access or further attacks. It is critical that users ensure their firmware is updated to mitigate this risk.

References

https://github.com/BastilleResearch/CableTap/blob/master/...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2017
Vulnerability Reserved
Jun 7, 2017