CVE-2009-2367

Опубликовано: 08 июл. 2009

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

Ссылки

http://osvdb.org/55586
Broken Link
Exploit
http://secunia.com/advisories/35666
Broken Link
Vendor Advisory
http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb?rev=6733
Broken Link
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/51539
Third Party Advisory
VDB Entry
http://osvdb.org/55586
Broken Link
Exploit
http://secunia.com/advisories/35666
Broken Link
Vendor Advisory
http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb?rev=6733
Broken Link
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/51539
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:iomega:storcenter_pro_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:iomega:storcenter_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.32334

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-338

Связанные уязвимости

GHSA-2pm2-v5jq-cp26