Is it possible to mac-spoof Xfinity Wireless?

It looks like this is a known vulnerability, aka CVE-2017-9475.

The National Vulnerability Database currently assigns this a CVSS 3.0 score of "5.9 - Medium", but claims the "attack complexity" (AC) is "high". However, CVSS 3.0 only provides two values for AC anyway -- either low or high:

Low (L):
Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component.

High (H): A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. For example, a successful attack may depend on an attacker overcoming any of the following conditions:
- The attacker must conduct target-specific reconnaissance. For example, on target configuration settings, sequence numbers, shared secrets, etc.
- The attacker must prepare the target environment to improve exploit reliability. For example, repeated exploitation to win a race condition, or overcoming advanced exploit mitigation techniques.
- The attacker must inject herself into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g. man in the middle attack).

Also, some good recommendations (such as the use of wifi certificates) are included here as well: https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-17.public-wifi-theft-impersonation.txt