CVE-2018-10990
First published: Mon May 14 2018(Updated: )
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Commscope Arris Tg1682g Firmware | =9.1.103j6 | |
| Commscope Arris Tg1682g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2018-10990.
What is the severity of CVE-2018-10990?
The severity of CVE-2018-10990 is high.
Which devices are affected by CVE-2018-10990?
The Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are affected by CVE-2018-10990.
What is the risk associated with CVE-2018-10990?
CVE-2018-10990 could make it easier for attackers to obtain access to the device at a later time.
Is there a fix available for CVE-2018-10990?
There is no information provided about a fix for CVE-2018-10990.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/commscope
- canonical/commscope arris tg1682g firmware
- version/commscope arris tg1682g firmware/9.1.103j6
- canonical/commscope arris tg1682g