1. Home
  2. CVE Database
  3. CVE-2017-9491
MEDIUM · 5.3

CVE-2017-9491

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmwa...

Vulnerability Description

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoDpc3939 Firmwaredpc3939-p20-18-v303r20421733-160420a-cmcst
CiscoDpc3939-
CiscoDpc3939B Firmwaredpc3939b-v303r204217-150321a-cmcst
CiscoDpc3939B-
CiscoDpc3941T Firmwaredpc3941_2.5s3_prod_sey
CiscoDpc3941T-
CommscopeArris Tg1682G Firmware10.0.132.sip.pc20.ct
CommscopeArris Tg1682G-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2017-9491?

CVE-2017-9491 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmwa...

How severe is CVE-2017-9491?

CVE-2017-9491 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-9491?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Dpc3939 Firmware, Cisco Dpc3939, Cisco Dpc3939B Firmware, Cisco Dpc3939B, Cisco Dpc3941T Firmware.