Session Fixation

CVE-2017-10890

Medium

4.6/10

Summary

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-384 - Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References

Advisory Timeline

Published Nov 17, 2017

Session Fixation

CVE-2017-10890

Summary

CWE-384 - Session Fixation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS