ID CVE-2018-10990
Summary On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.
References
Vulnerable Configurations
  • cpe:2.3:o:commscope:arris_tg1682g_firmware:9.1.103j6:*:*:*:*:*:*:*
  • cpe:2.3:h:commscope:arris_tg1682g:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 13-09-2021 - 11:32)
Impact:
Exploitability:
CWE CWE-613
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:C
refmap via4
misc https://medium.com/@AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c
Last major update 13-09-2021 - 11:32
Published 14-05-2018 - 14:29
Last modified 13-09-2021 - 11:32