Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CableTap/doc/advisories/bastille-35.improper-cookie-flags.txt
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
57 lines (28 sloc)
1.45 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Bastille Tracking Number 35 | |
| CVE-2017-9491 | |
| CVE-2017-9492 | |
| Bastille Vulnerability Label: Improper Cookie Flags | |
| Bastille Provided Severity: Low | |
| Overview | |
| Improper cookie flags occurs when the cookies used by an application do not make use of the security flags defined in the HTTP cookie standard. | |
| Affected Platforms | |
| Cisco DPC3939, firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST | |
| Cisco DPC3939, firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST | |
| Cisco DPC3939B, firmware version dpc3939b-v303r204217-150321a-CMCST | |
| Cisco DPC3941T, firmware version DPC3941_2.5s3_PROD_sey | |
| Arris TG1682G, eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey | |
| Proof-of-Concept | |
| (1) Open a browser and navigate the browser to a login page of one of the affected modems (typically http://10.0.0.1/) | |
| (2) Log in to the application. | |
| (3) Open up the developer tools console in the browser and navigate to where cookie contents can be viewed (https://kb.iu.edu/d/ajfi) | |
| Test Environment | |
| Cisco DPC3939, firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST | |
| Cisco DPC3939B, firmware version dpc3939b-v303r204217-150321a-CMCST | |
| Arris TG1682G, eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey | |
| Mitigation | |
| Configure the modem administration applications to enable the HTTP only flag on the appropriate cookies. | |
| Recommended Remediation | |
| N/A | |
| Credits | |
| Marc Newlin and Logan Lamb, Bastille | |
| Chris Grayson, Web Sight.IO |