10критическая
CVE-2024-11317
Описание
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
Затрагиваемое ПО
Abb Aspect-ent-2 firmwareAbb Aspect-ent-2Abb Aspect-ent-256 firmwareAbb Aspect-ent-256Abb Aspect-ent-96 firmwareAbb Aspect-ent-96Abb Nexus-2128 firmwareAbb Nexus-2128Abb Nexus-2128-a firmwareAbb Nexus-2128-aAbb Nexus-2128-f firmwareAbb Nexus-2128-fAbb Nexus-2128-g firmwareAbb Nexus-2128-gAbb Nexus-264 firmwareAbb Nexus-264Abb Nexus-264-a firmwareAbb Nexus-264-aAbb Nexus-264-g firmwareAbb Nexus-264-gAbb Nexus-3-2128 firmwareAbb Nexus-3-2128Abb Aspect-ent-12 firmwareAbb Aspect-ent-12Abb Nexus-264-f firmware
CVSS
| Балл | 10 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
Источники
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch