1. Home
  2. CVE Database
  3. CVE-2018-10990
HIGH · 8.0

CVE-2018-10990

On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might ma...

Vulnerability Description

On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CommscopeArris Tg1682G Firmware9.1.103j6
CommscopeArris Tg1682G-

Related Weaknesses (CWE)

CWE-613

References

FAQ

What is CVE-2018-10990?

CVE-2018-10990 is a vulnerability with a CVSS score of 8.0 (HIGH). On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might ma...

How severe is CVE-2018-10990?

CVE-2018-10990 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10990?

Check the references section above for vendor advisories and patch information. Affected products include: Commscope Arris Tg1682G Firmware, Commscope Arris Tg1682G.