exploitDog

GHSA-2pm2-v5jq-cp26

Опубликовано: 02 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

Ссылки

EPSS

Процентиль: 97%

0.32334

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-338

Связанные уязвимости

CVE-2009-2367

CVSS3: 9.8

nvd

больше 16 лет назад

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

EPSS

Процентиль: 97%

0.32334

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-338