CVE-2018-10692

Опубликовано: 07 июн. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.

Ссылки

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
Exploit
Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/8
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
Exploit
Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/8
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:moxa:awk-3121_firmware:1.14:*:*:*:*:*:*:*

cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00412

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-67hw-j62w-x85g