CVE-2021-46279

Опубликовано: 24 окт. 2022

Источник: nvd

CVSS3: 5.8

CVSS3: 8.8

EPSS Низкий

Описание

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Ссылки

https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
Third Party Advisory
https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-46279/
Third Party Advisory
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
Third Party Advisory
https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-46279/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lannerinc:iac-ast2500a_firmware:1.10.0:*:*:*:*:*:*:*

cpe:2.3:h:lannerinc:iac-ast2500a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00225

Низкий

5.8 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-384

Связанные уязвимости

GHSA-vr2w-6jc9-59fh

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 45%

0.00225

Низкий

5.8 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-384