CVE-2017-9491
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD
Description
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
Affected (6)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version dpc3939-p20-18-v303r20421733-160420a-cmcst |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version dpc3939-p20-18-v303r20421746-170221a-cmcst |
| Running on/with | Platform Versions |
|---|---|
Cisco Dpc3939 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version dpc3939b-v303r204217-150321a-cmcst |
| Running on/with | Platform Versions |
|---|---|
Cisco Dpc3939b | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version dpc3941_2.5s3_prod_sey |
| Running on/with | Platform Versions |
|---|---|
Cisco Dpc3941t | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0.132.sip.pc20.ct |
| Running on/with | Platform Versions |
|---|---|
Commscope Arris Tg1682g | All versions |
References (2)
Source: cve@mitre.org
MitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Timeline
No history available yet.