← Zuruck zu CVEs

CVE-2019-15849

HIGH

7.3

Beschreibung

eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.

CVE Details

CVSS v3.1 Bewertung7.3

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionREQUIRED

Veroffentlicht10/17/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

eq-3:homematic_ccu3eq-3:homematic_ccu3_firmware

Schwachen (CWE)

CWE-384

Referenzen

https://noskill1337.github.io/homematic-ccu3-session-fixation(cve@mitre.org)

https://www.eq-3.com/products/homematic.html(cve@mitre.org)

https://noskill1337.github.io/homematic-ccu3-session-fixation(af854a3a-2127-422b-91ae-364da2661108)

https://www.eq-3.com/products/homematic.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.