CVE-2015-7924 - Unspecified vulnerability in Ewon Firmware 10.0S0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/135069/ewon-xsrfsession.txt |
id | PACKETSTORM:135069 |
last seen | 2016-12-05 |
published | 2015-12-24 |
reporter | Karn Ganeshen |
source | https://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html |
title | eWON XSS / CSRF / Session Management / RBAC Issues |
References
- http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01
- http://seclists.org/fulldisclosure/2015/Dec/118
- http://www.securityfocus.com/bid/79625
- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03