CVE-2018-10990

{"id": "CVE-2018-10990", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.3}]}, "published": "2018-05-14T14:29:00.350", "references": [{"url": "https://medium.com/%40AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c", "source": "cve@mitre.org"}, {"url": "https://medium.com/%40AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the \"credential\" cookie, which might make it easier for attackers to obtain access at a later time (e.g., \"at least for a few minutes\"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser."}, {"lang": "es", "value": "En dispositivos Arris Touchstone Telephony Gateway TG1682G 9.1.103J6, una acci\u00f3n de finalizaci\u00f3n de sesi\u00f3n no destruye inmediatamente todo el estado del dispositivo relacionado con la validez de la cookie \"credential\", lo que hace que sea m\u00e1s f\u00e1cil para los atacantes obtener acceso posteriormente (por ejemplo, \"al menos un par de minutos\"). NOTA: no existe ninguna documentaci\u00f3n que hable de que se supone que la caracter\u00edstica de finalizaci\u00f3n de sesi\u00f3n de la interfaz de usuario web hace algo m\u00e1s all\u00e1 de eliminar la cookie de una instancia de un navegador web. La acci\u00f3n de finalizar la sesi\u00f3n del lado del cliente no suele considerar casos en los que una persona ha hecho una copia de una cookie fuera de un navegador."}], "lastModified": "2024-11-21T03:42:27.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:commscope:arris_tg1682g_firmware:9.1.103j6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B89139C7-E762-4F5F-A6AD-CC67CFC96136"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:commscope:arris_tg1682g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D2AFAD9-07CD-4960-801F-A602CB31BD61"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}