exploitDog

CVE-2018-16495

Published: 26 May 2021
Source: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS: Low

Description

In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*
Versions before 16.1r2s11 (excluding)
cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*
Versions from 20.2.0 (including) to 20.2.2 (excluding)
cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*
Versions from 21.1.0 (including) to 21.1.1 (excluding)

EPSS

Percentile: 53%
0.00303
Low

8.8 High

CVSS3

6.5 Medium

CVSS2

Weaknesses

CWE-384

Related vulnerabilities

github
more than 3 years ago

In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.

EPSS

Percentile: 53%
0.00303
Low

8.8 High

CVSS3

6.5 Medium

CVSS2

Weaknesses

CWE-384