VAR-201805-0541
Vulnerability from variot - Updated: 2023-12-18 12:28
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser. Arris TG1682G contains a session expiration vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Arris Touchstone Telephony Gateway TG1682G is an integrated modem and router from Arris Group of the United States. A security vulnerability exists in the Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 release that causes the logout operation to fail to immediately clear all state on the device. An attacker could exploit the vulnerability to gain access. The record classifies this as CWE-613 (Insufficient Session Expiration): the session tied to the cookie should be invalidated on the device itself at logout, not only removed from the browser.
Hi,
Multiple vulnerabilities exist in Arris Touchstone Telephony Gateway (TG) Series devices, related to its web administration console. The CVEs for these devices have been created: CVE-2018-10989, CVE-2018-10990, CVE-2018-10991.
A blog post containing the full disclosure has been created: https://medium.com/@AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c
Thank you.
Regards Akshay 'Ax' Sharma
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0541",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arris tg1682g",
"scope": "eq",
"trust": 1.0,
"vendor": "commscope",
"version": "9.1.103j6"
},
{
"model": "tg1682g",
"scope": "eq",
"trust": 0.8,
"vendor": "arris group",
"version": "9.1.103j6"
},
{
"model": "touchstone telephony gateway tg1682g 9.1.103j6",
"scope": null,
"trust": 0.6,
"vendor": "arris",
"version": null
},
{
"model": "tg1682g",
"scope": "eq",
"trust": 0.6,
"vendor": "arris",
"version": "9.1.103j6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"db": "NVD",
"id": "CVE-2018-10990"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:commscope:arris_tg1682g_firmware:9.1.103j6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:commscope:arris_tg1682g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Akshay Sharma",
"sources": [
{
"db": "PACKETSTORM",
"id": "147636"
}
],
"trust": 0.1
},
"cve": "CVE-2018-10990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10990",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2018-13778",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-120805",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10990",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10990",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-13778",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-416",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120805",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"db": "VULHUB",
"id": "VHN-120805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"db": "NVD",
"id": "CVE-2018-10990"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the \"credential\" cookie, which might make it easier for attackers to obtain access at a later time (e.g., \"at least for a few minutes\"). NOTE: there is no documentation stating that the web UI\u0027s logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser. Arris TG1682G Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ArrisTouchstoneTelephonyGatewayTG1682G is a Modem (Modem) router integrated machine from Arris Group of the United States. A security vulnerability exists in the ArrisTouchstoneTelephonyGatewayTG1682G9.1.103J6 release that caused the logout operation to fail to immediately clear all states on the device. An attacker could exploit the vulnerability to gain access. Hi,\n\nMultiple vulnerabilities exist in Arris Touchstone Telephony Gateway (TG)\nSeries devices, related to its web administration console. \nThe CVEs for these devices have been\ncreated: CVE-2018-10989, CVE-2018-10990, CVE-2018-10991. \n\nA blog post containing the full disclosure has been created:\nhttps://medium.com/@AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c\n\nThank you. \n\nRegards\nAkshay \u0027Ax\u0027 Sharma\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"db": "VULHUB",
"id": "VHN-120805"
},
{
"db": "PACKETSTORM",
"id": "147636"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10990",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005127",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-416",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-13778",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-120805",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147636",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"db": "VULHUB",
"id": "VHN-120805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"db": "PACKETSTORM",
"id": "147636"
},
{
"db": "NVD",
"id": "CVE-2018-10990"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
]
},
"id": "VAR-201805-0541",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"db": "VULHUB",
"id": "VHN-120805"
}
],
"trust": 1.48333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13778"
}
]
},
"last_update_date": "2023-12-18T12:28:56.555000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TG1682G",
"trust": 0.8,
"url": "https://arris.secure.force.com/consumers/consumerproductdetail?p=a0ha000000tnnmsaav\u0026c=touchstone%20modems%20and%20gateways"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-613",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"db": "NVD",
"id": "CVE-2018-10990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://medium.com/@akshaysharmaus/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c"
},
{
"trust": 1.0,
"url": "https://medium.com/%40akshaysharmaus/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10990"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10990"
},
{
"trust": 0.6,
"url": "https://medium.com/@akshaysharmaus/comcast"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"db": "VULHUB",
"id": "VHN-120805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"db": "PACKETSTORM",
"id": "147636"
},
{
"db": "NVD",
"id": "CVE-2018-10990"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"db": "VULHUB",
"id": "VHN-120805"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"db": "PACKETSTORM",
"id": "147636"
},
{
"db": "NVD",
"id": "CVE-2018-10990"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-120805"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"date": "2018-05-15T09:32:22",
"db": "PACKETSTORM",
"id": "147636"
},
{
"date": "2018-05-14T14:29:00.350000",
"db": "NVD",
"id": "CVE-2018-10990"
},
{
"date": "2018-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13778"
},
{
"date": "2018-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-120805"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005127"
},
{
"date": "2023-11-07T02:51:36.050000",
"db": "NVD",
"id": "CVE-2018-10990"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arris TG1682G Session expiration vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005127"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-416"
}
],
"trust": 0.6
}
}