CVE-2009-2367 — CRITICAL (9.8)

Vulnerability Description

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Iomega	Storcenter Pro Firmware	-
Iomega	Storcenter Pro	-

Related Weaknesses (CWE)

CWE-338

References

http://osvdb.org/55586Broken LinkExploit
http://secunia.com/advisories/35666Broken LinkVendor Advisory
http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/admin/httpBroken LinkExploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/51539Third Party AdvisoryVDB Entry
http://osvdb.org/55586Broken LinkExploit
http://secunia.com/advisories/35666Broken LinkVendor Advisory
http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/admin/httpBroken LinkExploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/51539Third Party AdvisoryVDB Entry

FAQ

What is CVE-2009-2367?

CVE-2009-2367 is a vulnerability with a CVSS score of 9.8 (CRITICAL). cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sess...

How severe is CVE-2009-2367?

CVE-2009-2367 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2009-2367?

Check the references section above for vendor advisories and patch information. Affected products include: Iomega Storcenter Pro Firmware, Iomega Storcenter Pro.