CVE-2017-9492

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt	Mitigation Third Party Advisory
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt	Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421733-160420a-cmcst:*:*:*:*:*:*:*

cpe:2.3:h:cisco:dpc3939:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421746-170221a-cmcst:*:*:*:*:*:*:*

cpe:2.3:h:cisco:dpc3939:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:dpc3939b_firmware:dpc3939b-v303r204217-150321a-cmcst:*:*:*:*:*:*:*

cpe:2.3:h:cisco:dpc3939b:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:dpc3941t_firmware:dpc3941_2.5s3_prod_sey:*:*:*:*:*:*:*

cpe:2.3:h:cisco:dpc3941t:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:commscope:arris_tg1682g_firmware:10.0.132.sip.pc20.ct:::::::*
	cpe:2.3:o:commscope:arris_tg1682g_firmware:tg1682_2.2p7s2_prod_sey:::::::*

cpe:2.3:h:commscope:arris_tg1682g:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:36

Type	Values Removed	Values Added
References	~~() https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt - Mitigation, Third Party Advisory~~	() https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt - Mitigation, Third Party Advisory

13 Sep 2021, 11:31

Type	Values Removed	Values Added
CPE	cpe:2.3:o:arris:tg1682g_firmware:10.0.132.sip.pc20.ct:::::::* cpe:2.3:h:arris:tg1682g:-:::::::* cpe:2.3:o:arris:tg1682g_firmware:tg1682_2.2p7s2_prod_sey:::::::*	cpe:2.3:h:commscope:arris_tg1682g:-:::::::* cpe:2.3:o:commscope:arris_tg1682g_firmware:10.0.132.sip.pc20.ct:::::::* cpe:2.3:o:commscope:arris_tg1682g_firmware:tg1682_2.2p7s2_prod_sey:::::::*

Information

Published : 2017-07-31 03:29

Updated : 2024-11-21 03:36

NVD link : CVE-2017-9492

Mitre link : CVE-2017-9492

CVE.ORG link : CVE-2017-9492

JSON object : View

Products Affected

cisco

dpc3939_firmware
dpc3939b
dpc3939
dpc3939b_firmware
dpc3941t_firmware
dpc3941t

commscope

arris_tg1682g_firmware
arris_tg1682g

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2017-9492", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-07-31T03:29:00.737", "references": [{"url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt", "tags": ["Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt", "tags": ["Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies."}, {"lang": "es", "value": "El firmware Comcast en los dispositivos Cisco DPC3939 (versi\u00f3n de firmware dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (versi\u00f3n de firmware dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (versi\u00f3n de firmware dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (versi\u00f3n de firmware DPC3941_2.5s3_PROD_sey); y Arris TG1682G (versi\u00f3n 10.0.132.SIP.PC20.CT de eMTA y DOCSIS, versi\u00f3n de software TG1682_2.2p7s2_PROD_sey), no incluye la flag HTTPOnly en el encabezado Set-Cookie para aplicaciones de administraci\u00f3n, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener potencialmente informaci\u00f3n confidencial mediante un script de acceso a las cookies."}], "lastModified": "2024-11-21T03:36:15.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421733-160420a-cmcst:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76A1B99C-3219-4AED-85CE-18B979634B08"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:dpc3939:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4E96E97-FA9D-446C-A5D7-1B4C2DD939D4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421746-170221a-cmcst:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C881B07A-9652-465E-A804-1B5ED959E1C4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:dpc3939:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4E96E97-FA9D-446C-A5D7-1B4C2DD939D4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:dpc3939b_firmware:dpc3939b-v303r204217-150321a-cmcst:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66771E5F-70F1-409D-92EE-D30BF402F8FA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:dpc3939b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "600BCE42-4D69-42EB-AB79-2893A0D4D5C3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:dpc3941t_firmware:dpc3941_2.5s3_prod_sey:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42C5B524-7AF3-4171-8D5F-8AE80C7EA925"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:dpc3941t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "053BE8F7-5FFA-4021-B18C-651F0546A04B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:commscope:arris_tg1682g_firmware:10.0.132.sip.pc20.ct:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A2CACD9-23A9-4E24-A1C5-A09B99874EA9"}, {"criteria": "cpe:2.3:o:commscope:arris_tg1682g_firmware:tg1682_2.2p7s2_prod_sey:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E70716B6-6002-457E-8414-297402EDCC74"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:commscope:arris_tg1682g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D2AFAD9-07CD-4960-801F-A602CB31BD61"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-9492

7.5^/10

5.0^/10

Attach tags to `CVE-2017-9492`