Description
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.
References
- Exploit, Mitigation, Third Party Advisory
- Vendor Advisory
- Exploit, Mitigation, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Together
cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.14.11:*:*:*:*:*:*:*
cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*
EPSS
Percentile: 31%
0.0012
Low
7.3 High
CVSS3
4.9 Medium
CVSS2
Weaknesses
CWE-384
Related vulnerabilities
CVSS3: 7.3
github
more than 3 years ago
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.