CVE-2017-9491: Infoleak

First published: Mon Jul 31 2017(Updated: )

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/references
• agent/tags
• agent/event
• agent/weakness
• agent/severity
• agent/author
• agent/description
• agent/type
• agent/softwarecombine
• agent/last-modified-date
• agent/first-publish-date
• vendor/cisco
• canonical/cisco dpc3939 firmware
• version/cisco dpc3939 firmware/dpc3939-p20-18-v303r20421733-160420a-cmcst
• canonical/cisco dpc3939
• version/cisco dpc3939 firmware/dpc3939-p20-18-v303r20421746-170221a-cmcst
• canonical/cisco dpc3939b firmware
• version/cisco dpc3939b firmware/dpc3939b-v303r204217-150321a-cmcst
• canonical/cisco dpc3939b
• canonical/cisco dpc3941t firmware
• version/cisco dpc3941t firmware/dpc3941_2.5s3_prod_sey
• canonical/cisco dpc3941t
• vendor/commscope
• canonical/commscope arris tg1682g firmware
• version/commscope arris tg1682g firmware/10.0.132.sip.pc20.ct
• version/commscope arris tg1682g firmware/tg1682_2.2p7s2_prod_sey
• canonical/commscope arris tg1682g