Improper Cookie Flag Handling in Cisco and Arris Networking Devices
CVE-2017-9491
5.3 MEDIUM
Summary
Certain Cisco and Arris devices improperly handle the Secure flag on cookies during HTTPS sessions. Because the cookies are not adequately protected, remote attackers may be able to intercept session cookies, potentially leading to unauthorized access to the administration application. The affected devices are specific models from Cisco and Arris, where the missing Secure flag puts sensitive data at risk in transit.
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved