ГлавнаяУязвимости → CVE-2024-11317
10критическая

CVE-2024-11317

Описание

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Затрагиваемое ПО
Abb Aspect-ent-2 firmwareAbb Aspect-ent-2Abb Aspect-ent-256 firmwareAbb Aspect-ent-256Abb Aspect-ent-96 firmwareAbb Aspect-ent-96Abb Nexus-2128 firmwareAbb Nexus-2128Abb Nexus-2128-a firmwareAbb Nexus-2128-aAbb Nexus-2128-f firmwareAbb Nexus-2128-fAbb Nexus-2128-g firmwareAbb Nexus-2128-gAbb Nexus-264 firmwareAbb Nexus-264Abb Nexus-264-a firmwareAbb Nexus-264-aAbb Nexus-264-g firmwareAbb Nexus-264-gAbb Nexus-3-2128 firmwareAbb Nexus-3-2128Abb Aspect-ent-12 firmwareAbb Aspect-ent-12Abb Nexus-264-f firmware
CVSS
Балл10 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Источники
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch