SB2019032616 - Session Fixation in FL NAT SMCS 8TX
Published: March 26, 2019 Updated: June 13, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Session Fixation (CVE-ID: CVE-2019-9744)
The vulnerability allows a remote attacker to gain unauthorized access to the web interface.
The vulnerability exists due to improper access restrictions for requests arriving from the same source IP address as an authenticated user, because this IP address is used as the session identifier. A remote unauthorized attacker can gain access to the web interface, which may allow full access to the device configuration.
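The design flaw described above, shown as a session store keyed on the source IP address beside one keyed on a random per-login token. This is an added example, not code from the vendor's firmware or from this bulletin; the class names, function names and the address 192.0.2.10 are constructed for illustration.

```python
import secrets

# Constructed address (documentation range). A NAT gateway or shared proxy
# makes different clients appear with the same source IP.
SHARED_IP = "192.0.2.10"


class IpKeyedSessions:
    """Flawed design: the source IP address is the session identifier."""

    def __init__(self):
        self._authenticated_ips = set()

    def login(self, source_ip):
        self._authenticated_ips.add(source_ip)
        return None  # nothing secret is handed back to the client

    def is_authenticated(self, source_ip, token=None):
        return source_ip in self._authenticated_ips


class TokenSessions:
    """Hardened design: an unguessable per-login token is the identifier."""

    def __init__(self):
        self._tokens = {}  # token -> source IP recorded at login

    def login(self, source_ip):
        token = secrets.token_urlsafe(32)  # fresh value on every login
        self._tokens[token] = source_ip
        return token  # would be delivered as a Secure, HttpOnly cookie

    def is_authenticated(self, source_ip, token=None):
        if not token or token not in self._tokens:
            return False
        # The IP is only an additional check, never the lookup key.
        return self._tokens[token] == source_ip


def owner_is_admitted(store):
    """The user who logged in presents whatever login() returned."""
    token = store.login(SHARED_IP)
    return store.is_authenticated(SHARED_IP, token)


def second_client_is_admitted(store):
    """Another client behind the same IP sends a request with no credential."""
    store.login(SHARED_IP)
    return store.is_authenticated(SHARED_IP, token=None)
```

With the IP-keyed store the second client is treated as the logged-in user; with the token store it is rejected while the legitimate session keeps working.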
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.