CVE-2017-9491 : The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r2042

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

Published 2017-07-31 03:29:01

Updated 2021-09-13 11:31:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2017-9491

Cisco » Dpc3939 Firmware » Version: Dpc3939-p20-18-v303r20421746-170221a-cmcst
cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421746-170221a-cmcst:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Dpc3939 » Version: N/A
Cisco » Dpc3939 Firmware » Version: Dpc3939-p20-18-v303r20421733-160420a-cmcst
cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421733-160420a-cmcst:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Dpc3939 » Version: N/A
Cisco » Dpc3941t Firmware » Version: Dpc3941 2.5s3 Prod Sey
cpe:2.3:o:cisco:dpc3941t_firmware:dpc3941_2.5s3_prod_sey:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Dpc3941t » Version: N/A
Cisco » Dpc3939b Firmware » Version: Dpc3939b-v303r204217-150321a-cmcst
cpe:2.3:o:cisco:dpc3939b_firmware:dpc3939b-v303r204217-150321a-cmcst:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Dpc3939b » Version: N/A
Commscope » Arris Tg1682g Firmware » Version: 10.0.132.sip.pc20.ct
cpe:2.3:o:commscope:arris_tg1682g_firmware:10.0.132.sip.pc20.ct:*:*:*:*:*:*:*
Matching versions
When used together with: Commscope » Arris Tg1682g » Version: N/A
Commscope » Arris Tg1682g Firmware » Version: Tg1682 2.2p7s2 Prod Sey
cpe:2.3:o:commscope:arris_tg1682g_firmware:tg1682_2.2p7s2_prod_sey:*:*:*:*:*:*:*
Matching versions
When used together with: Commscope » Arris Tg1682g » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-9491

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-9491

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2017-9491

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-9491

https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt

CableTap/bastille-35.improper-cookie-flags.txt at master · BastilleResearch/CableTap · GitHub
Mitigation;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-9491

Products affected by CVE-2017-9491

Exploit prediction scoring system (EPSS) score for CVE-2017-9491

CVSS scores for CVE-2017-9491

CWE ids for CVE-2017-9491

References for CVE-2017-9491