CVE-2014-2509 - Session Fixation vulnerability in EMC Smarts Network Configuration Manager 9.1/9.2
- Attack vector: ADJACENT_NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie.

Per "CWE-384: Session Fixation": http://cwe.mitre.org/data/definitions/384.html
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2014-06/0168.html
- http://packetstormsecurity.com/files/127301/EMC-Network-Configuration-Manager-NCM-Session-Fixation.html
- http://secunia.com/advisories/59423
- http://www.securityfocus.com/archive/1/533077/100/0/threaded
- http://www.securitytracker.com/id/1030494