CVE-2017-9491

MEDIUM

Cisco DPC3939/DPC3939B/DPC3941T & Arris TG1682G Firmware - Sensitive Cookie Exposure via Missing Secure Flag

Title source: llm

Description

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

References (1)

Core 1

Core References

Mitigation, Third Party Advisory x_refsource_misc

https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0128

EPSS Percentile 66.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (6)

cisco/dpc3939_firmware dpc3939-p20-18-v303r20421733-160420a-cmcst

cisco/dpc3939_firmware dpc3939-p20-18-v303r20421746-170221a-cmcst

cisco/dpc3939b_firmware dpc3939b-v303r204217-150321a-cmcst

cisco/dpc3941t_firmware dpc3941_2.5s3_prod_sey

commscope/arris_tg1682g_firmware 10.0.132.sip.pc20.ct

commscope/arris_tg1682g_firmware tg1682_2.2p7s2_prod_sey

Published Jul 31, 2017

Tracked Since Feb 18, 2026