Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-4509

Опубликовано: 13 апр. 2010
Источник: nvd
CVSS2: 10
EPSS Низкий

Описание

The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Cookie: tandberg_login=" HTTP header.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vsecurity:tandberg_video_communication_server:*:*:*:*:*:*:*:*
Версия до x4.2.1 (включая)
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.02844
Низкий

10 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

github логотип

GHSA-4ff5-fg46-2w34

github
почти 4 года назад

The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Cookie: tandberg_login=" HTTP header.

EPSS

Процентиль: 86%
0.02844
Низкий

10 Critical

CVSS2

Дефекты

CWE-94