← Retour aux CVEs

CVE-2019-15849

HIGH

7.3

Description

eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.

Details CVE

Score CVSS v3.17.3

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurREQUIRED

Publie10/17/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

eq-3:homematic_ccu3eq-3:homematic_ccu3_firmware

Faiblesses (CWE)

CWE-384

References

https://noskill1337.github.io/homematic-ccu3-session-fixation(cve@mitre.org)

https://www.eq-3.com/products/homematic.html(cve@mitre.org)

https://noskill1337.github.io/homematic-ccu3-session-fixation(af854a3a-2127-422b-91ae-364da2661108)

https://www.eq-3.com/products/homematic.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.