5.3
CVE-2017-9491
- EPSS 0.26%
- Published 31.07.2017 03:29:00
- Last modified 20.04.2025 01:37:25
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Dpc3939 Firmware Versiondpc3939-p20-18-v303r20421733-160420a-cmcst
Cisco ≫ Dpc3939 Firmware Versiondpc3939-p20-18-v303r20421746-170221a-cmcst
Cisco ≫ Dpc3939b Firmware Versiondpc3939b-v303r204217-150321a-cmcst
Cisco ≫ Dpc3941t Firmware Versiondpc3941_2.5s3_prod_sey
Commscope ≫ Arris Tg1682g Firmware Version10.0.132.sip.pc20.ct
Commscope ≫ Arris Tg1682g Firmware Versiontg1682_2.2p7s2_prod_sey
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.468 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.