CVE-2009-2367

CRITICAL9.8

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter

Published Jul 8, 2009

Modified 1 years ago

No fix available

Details

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

References

WEBhttp://osvdb.org/55586 ADVISORYhttp://secunia.com/advisories/35666 WEBhttp://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb?rev=6733 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/51539 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2009-2367

CVSS Analysis

CVSS v3.1

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJul 8, 2009

ModifiedAug 7, 2024