7.5

CVE-2017-9492

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.

Data is provided by the National Vulnerability Database (NVD)
CiscoDpc3939 Firmware Versiondpc3939-p20-18-v303r20421733-160420a-cmcst
   CiscoDpc3939 Version-
CiscoDpc3939 Firmware Versiondpc3939-p20-18-v303r20421746-170221a-cmcst
   CiscoDpc3939 Version-
CiscoDpc3939b Firmware Versiondpc3939b-v303r204217-150321a-cmcst
   CiscoDpc3939b Version-
CiscoDpc3941t Firmware Versiondpc3941_2.5s3_prod_sey
   CiscoDpc3941t Version-
CommscopeArris Tg1682g Firmware Version10.0.132.sip.pc20.ct
   CommscopeArris Tg1682g Version-
CommscopeArris Tg1682g Firmware Versiontg1682_2.2p7s2_prod_sey
   CommscopeArris Tg1682g Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.34% 0.536
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.