Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-9491

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

Published

2017-07-31T03:29:00.707

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco dpc3939_firmware dpc3939-p20-18-v303r20421733-160420a-cmcst Yes
Hardware cisco dpc3939 - No
Operating System cisco dpc3939_firmware dpc3939-p20-18-v303r20421746-170221a-cmcst Yes
Hardware cisco dpc3939 - No
Operating System cisco dpc3939b_firmware dpc3939b-v303r204217-150321a-cmcst Yes
Hardware cisco dpc3939b - No
Operating System cisco dpc3941t_firmware dpc3941_2.5s3_prod_sey Yes
Hardware cisco dpc3941t - No
Operating System commscope arris_tg1682g_firmware 10.0.132.sip.pc20.ct Yes
Operating System commscope arris_tg1682g_firmware tg1682_2.2p7s2_prod_sey Yes
Hardware commscope arris_tg1682g - No
References