CVE-2018-10990 Information

Description

On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices a logout action does not immediately destroy all state on the device related to the validity of the \credential\ cookie which might make it easier for attackers to obtain access at a later time (e.g. \at least for a few minutes). NOTE: there is no documentation stating that the web UI’s logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Reference

https://medium.com/@AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.0