Lucene search

K
cveMitreCVE-2017-9497
HistoryJul 31, 2017 - 3:29 a.m.

CVE-2017-9497

2017-07-3103:29:00
CWE-20
mitre
web.nvd.nist.gov
39
comcast firmware
motorola mx011anm
arbitrary commands execution
root access
security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

32.8%

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route.

Affected configurations

Nvd
Node
ciscomx011anm_firmwareMatchmx011an_2.9p6s1_prod_sey
AND
motorolamx011anmMatch-
VendorProductVersionCPE
ciscomx011anm_firmwaremx011an_2.9p6s1_prod_seycpe:2.3:o:cisco:mx011anm_firmware:mx011an_2.9p6s1_prod_sey:*:*:*:*:*:*:*
motorolamx011anm-cpe:2.3:h:motorola:mx011anm:-:*:*:*:*:*:*:*

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

32.8%

Related for CVE-2017-9497