CVE-2017-9491

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421733-160420a-cmcst:*:*:*:*:*:*:*
cpe:2.3:h:cisco:dpc3939:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421746-170221a-cmcst:*:*:*:*:*:*:*
cpe:2.3:h:cisco:dpc3939:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:dpc3939b_firmware:dpc3939b-v303r204217-150321a-cmcst:*:*:*:*:*:*:*
cpe:2.3:h:cisco:dpc3939b:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cisco:dpc3941t_firmware:dpc3941_2.5s3_prod_sey:*:*:*:*:*:*:*
cpe:2.3:h:cisco:dpc3941t:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:commscope:arris_tg1682g_firmware:10.0.132.sip.pc20.ct:*:*:*:*:*:*:*
cpe:2.3:o:commscope:arris_tg1682g_firmware:tg1682_2.2p7s2_prod_sey:*:*:*:*:*:*:*
cpe:2.3:h:commscope:arris_tg1682g:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:36

Type Values Removed Values Added
References () https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt - Mitigation, Third Party Advisory () https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt - Mitigation, Third Party Advisory

Information

Published : 2017-07-31 03:29

Updated : 2024-11-21 03:36


NVD link : CVE-2017-9491

Mitre link : CVE-2017-9491

CVE.ORG link : CVE-2017-9491


JSON object : View

Products Affected

cisco

  • dpc3939_firmware
  • dpc3939b
  • dpc3941t_firmware
  • dpc3939
  • dpc3941t
  • dpc3939b_firmware

commscope

  • arris_tg1682g_firmware
  • arris_tg1682g
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor