CVE-2017-9493 : The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code.

Published 2017-07-31 03:29:01

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-9493

Cisco » Mx011anm Firmware » Version: Mx011an 2.9p6s1 Prod Sey
cpe:2.3:o:cisco:mx011anm_firmware:mx011an_2.9p6s1_prod_sey:*:*:*:*:*:*:*
Matching versions
When used together with: Motorola » Mx011anm » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-9493

EPSS FAQ

0.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-9493

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.3	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	2.8	3.4	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

References for CVE-2017-9493

https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-37.rf4ce-forced-pairing.vendor.txt

CableTap/bastille-37.rf4ce-forced-pairing.vendor.txt at master · BastilleResearch/CableTap · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2017-9493

Products affected by CVE-2017-9493

Exploit prediction scoring system (EPSS) score for CVE-2017-9493

CVSS scores for CVE-2017-9493

References for CVE-2017-9493