
Bastille and Comcast CVE IDs

We looked at the 26 CVE IDs related to Bastille.io's CableTap research:


A handful seem to be exploits or impacts of other vulnerabilities, but 
not vulnerabilities warranting CVE IDs.

Here is one example:


The Comcast firmware on Motorola MX011ANM (firmware version 
MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers 
to access an SNMP server by connecting a cable to the Ethernet port, 
and then establishing communication with the device's link-local IPv6 

Does running an SNMP service get a CVE ID?

Another example:

CVE-2017-9480 is one possible impact (attacker can download config 
file) of CVE-2017-9479 (syseventd running as root listening on some 
local networks).

I was considering submitting a pull request with a bunch of status 
REJECT or DISPUTED, then thought I'd solicit other opinions first.


 - Art

Page Last Updated or Reviewed: September 29, 2017