Session fixation

2017-07-3103:29:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

51.0%

JSON

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

CPENameOperatorVersion
dpc3939_firmwareeqdpc3939p2018v303r20421733160420acmcst
dpc3939_firmwareeqdpc3939p2018v303r20421746170221acmcst
dpc3939b_firmwareeqdpc3939bv303r204217150321acmcst
dpc3941t_firmwareeqdpc39412.5s3prodsey
arris_tg1682g_firmwareeq10.0.132-sip-pc20-ct
arris_tg1682g_firmwareeqtg16822.2p7s2prodsey

Name	Operator	Version
dpc3939_firmware	eq	dpc3939p2018v303r20421733160420acmcst
dpc3939_firmware	eq	dpc3939p2018v303r20421746170221acmcst
dpc3939b_firmware	eq	dpc3939bv303r204217150321acmcst
dpc3941t_firmware	eq	dpc39412.5s3prodsey
arris_tg1682g_firmware	eq	10.0.132-sip-pc20-ct
arris_tg1682g_firmware	eq	tg16822.2p7s2prodsey