-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathbastille-35.improper-cookie-flags.txt
57 lines (28 loc) · 1.45 KB
/
bastille-35.improper-cookie-flags.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
Bastille Tracking Number 35
CVE-2017-9491
CVE-2017-9492
Bastille Vulnerability Label: Improper Cookie Flags
Bastille Provided Severity: Low
Overview
Improper cookie flags occurs when the cookies used by an application do not make use of the security flags defined in the HTTP cookie standard.
Affected Platforms
Cisco DPC3939, firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST
Cisco DPC3939, firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST
Cisco DPC3939B, firmware version dpc3939b-v303r204217-150321a-CMCST
Cisco DPC3941T, firmware version DPC3941_2.5s3_PROD_sey
Arris TG1682G, eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey
Proof-of-Concept
(1) Open a browser and navigate the browser to a login page of one of the affected modems (typically http://10.0.0.1/)
(2) Log in to the application.
(3) Open up the developer tools console in the browser and navigate to where cookie contents can be viewed (https://kb.iu.edu/d/ajfi)
Test Environment
Cisco DPC3939, firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST
Cisco DPC3939B, firmware version dpc3939b-v303r204217-150321a-CMCST
Arris TG1682G, eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey
Mitigation
Configure the modem administration applications to enable the HTTP only flag on the appropriate cookies.
Recommended Remediation
N/A
Credits
Marc Newlin and Logan Lamb, Bastille
Chris Grayson, Web Sight.IO