CVE-2018-10990

Severity Score

8.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.

En dispositivos Arris Touchstone Telephony Gateway TG1682G 9.1.103J6, una acción de finalización de sesión no destruye inmediatamente todo el estado del dispositivo relacionado con la validez de la cookie "credential", lo que hace que sea más fácil para los atacantes obtener acceso posteriormente (por ejemplo, "al menos un par de minutos"). NOTA: no existe ninguna documentación que hable de que se supone que la característica de finalización de sesión de la interfaz de usuario web hace algo más allá de eliminar la cookie de una instancia de un navegador web. La acción de finalizar la sesión del lado del cliente no suele considerar casos en los que una persona ha hecho una copia de una cookie fuera de un navegador.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-05-11 CVE Reserved
2018-05-14 CVE Published
2023-11-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-613: Insufficient Session Expiration

CAPEC

References (1)

URL	Tag	Source
https://medium.com/%40AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Commscope Search vendor "Commscope"	Arris Tg1682g Firmware Search vendor "Commscope" for product "Arris Tg1682g Firmware"	9.1.103j6 Search vendor "Commscope" for product "Arris Tg1682g Firmware" and version "9.1.103j6"	-	Affected	in	Commscope Search vendor "Commscope"	Arris Tg1682g Search vendor "Commscope" for product "Arris Tg1682g"	-	-	Safe