Bastille Tracking Number 29
CVE-2017-9486

Overview

A vulnerability has been discovered that enables an attacker to generate the password-of-the-day needed login to a target gateway over SSH.



Affected Platforms

Cisco DPC3939, firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST



Proof-of-Concept

Comcast gateways use a POTD (password-of-the-day) to authenticate SSH/CLI sessions.

An attacker can generate a list of POTDs.



Test Environment

Cisco DPC3939, firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST



Mitigation

There is no apparent mechanism to allow Comcast customers to control or change this behavior.



Recommended Remediation

Move to certificate-based authentication.


Credits

Marc Newlin and Logan Lamb, Bastille
Chris Grayson, Web Sight.IO