Vulnerability Description
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Mitel 3300 Integrated Communication Platform | All versions |
References
- http://www.corsaire.com/advisories/c040817-002.txtVendor Advisory
- http://www.mitel.com/DocController?documentId=14223PatchVendor Advisory
- http://www.niscc.gov.uk/niscc/docs/re-20050228-00178.pdf?lang=enPatchVendor Advisory
- http://www.corsaire.com/advisories/c040817-002.txtVendor Advisory
- http://www.mitel.com/DocController?documentId=14223PatchVendor Advisory
- http://www.niscc.gov.uk/niscc/docs/re-20050228-00178.pdf?lang=enPatchVendor Advisory
FAQ
What is CVE-2004-0944?
CVE-2004-0944 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other session...
How severe is CVE-2004-0944?
CVE-2004-0944 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0944?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel Mitel 3300 Integrated Communication Platform.