ID

VAR-201707-1017


CVE

CVE-2017-9491


TITLE

Multiple Cisco DPC Products and Arris TG1682G Vulnerable to Information Disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-006592

DESCRIPTION

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. Multiple Cisco DPC products and the Arris TG1682G contain an information disclosure vulnerability. Information may be obtained. Cisco DPC3939 (XB3) and similar devices are Cisco wireless home voice gateway products. The Arris TG1682G is a modem product from Arris, USA. The Comcast firmware is developed by Comcast, Inc. and runs on devices such as gateways and modems. The Comcast firmware in several products has a security vulnerability. A remote attacker can exploit this vulnerability to capture a cookie.

Trust: 2.25

sources: NVD: CVE-2017-9491 // JVNDB: JVNDB-2017-006592 // CNVD: CNVD-2017-26626 // VULHUB: VHN-117694

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-26626

AFFECTED PRODUCTS

vendor: cisco, model: dpc3941t, scope: eq, version: dpc3941_2.5s3_prod_sey

Trust: 1.6

vendor: cisco, model: dpc3939b, scope: eq, version: dpc3939b-v303r204217-150321a-cmcst

Trust: 1.6

vendor: cisco, model: dpc3939, scope: eq, version: dpc3939-p20-18-v303r20421746-170221a-cmcst

Trust: 1.6

vendor: cisco, model: dpc3939, scope: eq, version: dpc3939-p20-18-v303r20421733-160420a-cmcst

Trust: 1.6

vendor: commscope, model: arris tg1682g, scope: eq, version: 10.0.132.sip.pc20.ct

Trust: 1.0

vendor: commscope, model: arris tg1682g, scope: eq, version: tg1682_2.2p7s2_prod_sey

Trust: 1.0

vendor: arris group, model: tg1682g, scope: -, version: -

Trust: 0.8

vendor: cisco, model: dpc3939 wireless residential voice gateway, scope: -, version: -

Trust: 0.8

vendor: cisco, model: dpc3939b business wireless gateway, scope: -, version: -

Trust: 0.8

vendor: cisco, model: dpc3941t wireless residential voice gateway, scope: -, version: -

Trust: 0.8

vendor: cisco, model: dpc3939 dpc3939-p20-18-v303r20421746-170221a-cmcst, scope: -, version: -

Trust: 0.6

vendor: cisco, model: dpc3941t dpc3941 2.5s3 prod sey, scope: -, version: -

Trust: 0.6

vendor: cisco, model: dpc3939b dpc3939b-v303r204217-150321a-cmcst, scope: -, version: -

Trust: 0.6

vendor: cisco, model: dpc3939 dpc3939-p20-18-v303r20421733-160420a-cmcst, scope: -, version: -

Trust: 0.6

vendor: arris, model: tg1682g emta&docsis 10.0.132.sip.pc20.ct, scope: -, version: -

Trust: 0.6

vendor: arris, model: tg1682g tg1682 2.2p7s2 prod sey, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-26626 // JVNDB: JVNDB-2017-006592 // CNNVD: CNNVD-201706-226 // NVD: CVE-2017-9491

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9491
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-9491
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-26626
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-226
value: MEDIUM

Trust: 0.6

VULHUB: VHN-117694
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-9491
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-26626
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-117694
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9491
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2017-9491
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-26626 // VULHUB: VHN-117694 // JVNDB: JVNDB-2017-006592 // CNNVD: CNNVD-201706-226 // NVD: CVE-2017-9491

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-117694 // JVNDB: JVNDB-2017-006592 // NVD: CVE-2017-9491

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-226

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-226

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006592

PATCH

title: TG1682G, url: http://arris.force.com/consumers/ConsumerProductDetail?p=a0ha000000TnNmSAAV&c=Touchstone%20Modems%20and%20Gateways

Trust: 0.8

title: Top Page, url: https://www.cisco.com/c/ja_jp/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2017-006592

EXTERNAL IDS

db: NVD, id: CVE-2017-9491

Trust: 3.1

db: JVNDB, id: JVNDB-2017-006592

Trust: 0.8

db: CNNVD, id: CNNVD-201706-226

Trust: 0.7

db: CNVD, id: CNVD-2017-26626

Trust: 0.6

db: VULHUB, id: VHN-117694

Trust: 0.1

sources: CNVD: CNVD-2017-26626 // VULHUB: VHN-117694 // JVNDB: JVNDB-2017-006592 // CNNVD: CNNVD-201706-226 // NVD: CVE-2017-9491

REFERENCES

url:https://github.com/bastilleresearch/cabletap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9491

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9491

Trust: 0.8

sources: CNVD: CNVD-2017-26626 // VULHUB: VHN-117694 // JVNDB: JVNDB-2017-006592 // CNNVD: CNNVD-201706-226 // NVD: CVE-2017-9491

SOURCES

db: CNVD, id: CNVD-2017-26626
db: VULHUB, id: VHN-117694
db: JVNDB, id: JVNDB-2017-006592
db: CNNVD, id: CNNVD-201706-226
db: NVD, id: CVE-2017-9491

LAST UPDATE DATE

2025-04-20T23:42:11.161000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-26626, date: 2017-09-14T00:00:00
db: VULHUB, id: VHN-117694, date: 2017-08-03T00:00:00
db: JVNDB, id: JVNDB-2017-006592, date: 2017-08-30T00:00:00
db: CNNVD, id: CNNVD-201706-226, date: 2021-09-14T00:00:00
db: NVD, id: CVE-2017-9491, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-26626, date: 2017-09-14T00:00:00
db: VULHUB, id: VHN-117694, date: 2017-07-31T00:00:00
db: JVNDB, id: JVNDB-2017-006592, date: 2017-08-30T00:00:00
db: CNNVD, id: CNNVD-201706-226, date: 2017-06-08T00:00:00
db: NVD, id: CVE-2017-9491, date: 2017-07-31T03:29:00.707