Skip to main content

Session Fixation CVE-2018-5465

HIGH
Session Fixation (CWE-384)
2018-03-06 ics-cert@hq.dhs.gov
Session Fixation Information Disclosure Hirschmann Rs20 0900Mmm2Tdau Hirschmann Rs20 0900Nnm4Tdau Hirschmann Rs20 0900Vvm2Tdau Hirschmann Rs20 1600L2L2Sdau Hirschmann Rs20 1600L2M2Sdau Hirschmann Rs20 1600L2S2Sdau Hirschmann Rs20 1600L2T1Sdau Hirschmann Rs20 1600M2M2Sdau Hirschmann Rs20 1600M2T1Sdau Hirschmann Rs20 1600S2M2Sdau Hirschmann Rs20 1600S2S2Sdau Hirschmann Rs20 1600S2T1Sdau Hirschmann Rsr20 Hirschmann Rsr30 Hirschmann Rsb20 0800M2M2Saab Hirschmann Rsb20 0800M2M2Saabe Hirschmann Rsb20 0800M2M2Taab Hirschmann Rsb20 0800M2M2Taabe Hirschmann Rsb20 0800S2S2Saab Hirschmann Rsb20 0800S2S2Saabe Hirschmann Rsb20 0800S2S2Taab Hirschmann Rsb20 0800S2S2Taabe Hirschmann Rsb20 0800T1T1Saab Hirschmann Rsb20 0800T1T1Saabe Hirschmann Rsb20 0800T1T1Taab Hirschmann Rsb20 0800T1T1Taabe Hirschmann Rsb20 0900M2Ttsaab Hirschmann Rsb20 0900M2Ttsaabe Hirschmann Rsb20 0900M2Tttaab Hirschmann Rsb20 0900M2Tttaabe Hirschmann Rsb20 0900Mmm2Saab Hirschmann Rsb20 0900Mmm2Saabe Hirschmann Rsb20 0900Mmm2Taab Hirschmann Rsb20 0900Mmm2Taabe Hirschmann Rsb20 0900S2Ttsaab Hirschmann Rsb20 0900S2Ttsaabe Hirschmann Rsb20 0900S2Tttaab Hirschmann Rsb20 0900S2Tttaabe Hirschmann Rsb20 0900Vvm2Saab Hirschmann Rsb20 0900Vvm2Saabe Hirschmann Rsb20 0900Vvm2Taab Hirschmann Rsb20 0900Vvm2Taabe Hirschmann Rsb20 0900Zzz6Saab Hirschmann Rsb20 0900Zzz6Saabe Hirschmann Rsb20 0900Zzz6Taab Hirschmann Rsb20 0900Zzz6Taabe Hirschmann M1 8Mm Sc Hirschmann M1 8Sfp Hirschmann M1 8Sm Sc Hirschmann M1 8Tp Rj45 Hirschmann Mach102 24Tp F Hirschmann Mach102 24Tp Fr Hirschmann Mach102 8Tp Hirschmann Mach102 8Tp F Hirschmann Mach102 8Tp Fr Hirschmann Mach102 8Tp R Hirschmann Mach104 16Tx Poep Hirschmann Mach104 16Tx Poep L3P Hirschmann Mach104 16Tx Poep 2X Hirschmann Mach104 16Tx Poep 2X L3P Hirschmann Mach104 16Tx Poep 2X E Hirschmann Mach104 16Tx Poep 2X E L3P Hirschmann Mach104 16Tx Poep 2X R Hirschmann Mach104 16Tx Poep 2X R L3P Hirschmann Mach104 16Tx Poep E Hirschmann Mach104 16Tx Poep E L3P Hirschmann Mach104 16Tx Poep R Hirschmann Mach104 16Tx Poep R L3P Hirschmann Mach104 20Tx F Hirschmann Mach104 20Tx F 4Poe Hirschmann Mach104 20Tx F L3P Hirschmann Mach104 20Tx Fr Hirschmann Mach104 20Tx Fr L3P Hirschmann Mach4002 24G 3X L2P Hirschmann Mach4002 24G 3X L3E Hirschmann Mach4002 24G 3X L3P Hirschmann Mach4002 24G L2P Hirschmann Mach4002 24G L3E Hirschmann Mach4002 24G L3P Hirschmann Mach4002 48G 3X L2P Hirschmann Mach4002 48G 3X L3E Hirschmann Mach4002 48G 3X L3P Hirschmann Mach4002 48G L2P Hirschmann Mach4002 48G L3E Hirschmann Mach4002 48G L3P Hirschmann Ms20 0800Eccp Hirschmann Ms20 0800Saae Hirschmann Ms20 0800Saap Hirschmann Ms20 1600Eccp Hirschmann Ms20 1600Saae Hirschmann Ms20 1600Saap Hirschmann Ms30 0802Saae Hirschmann Ms30 0802Saap Hirschmann Ms30 1602Saae Hirschmann Octopus 16M Hirschmann Octopus 16M 8Poe Hirschmann Octopus 16M Train Hirschmann Octopus 16M Train Bp Hirschmann Octopus 24M Hirschmann Octopus 24M 8 Poe Hirschmann Octopus 24M Train Hirschmann Octopus 24M Train Bp Hirschmann Octopus 5Tx Eec Hirschmann Octopus 8M Hirschmann Octopus 8M 6Poe Hirschmann Octopus 8M 8Poe Hirschmann Octopus 8M Train Hirschmann Octopus 8M Train Bp Hirschmann Octopus 8Tx Eec Hirschmann Octopus 8Tx Poe Eec Hirschmann Octopus Os20 000900T5T5Tafbhh Hirschmann Octopus Os20 000900T5T5Tnebhh Hirschmann Octopus Os20 0010001M1Mtrephh Hirschmann Octopus Os20 0010001S1Strephh Hirschmann Octopus Os20 0010004M4Mtrephh Hirschmann Octopus Os20 0010004S4Strephh Hirschmann Octopus Os20 001000T5T5Tafuhb Hirschmann Octopus Os20 001000T5T5Tneuhb Hirschmann Octopus Os24 080900T5T5Tffbhh Hirschmann Octopus Os24 080900T5T5Tnebhh Hirschmann Octopus Os24 081000T5T5Tffuhb Hirschmann Octopus Os24 081000T5T5Tneuhb Hirschmann Octopus Os30 Hirschmann Octopus Os30 0008021A1Atrephh Hirschmann Octopus Os30 0008021B1Btrephh Hirschmann Octopus Os30 0008024A4Atrephh Hirschmann Octopus Os30 0008024B4Btrephh Hirschmann Octopus Os32 080802O6O6Tpephh Hirschmann Octopus Os32 080802T6T6Tpephh Hirschmann Octopus Os32 081602O6O6Tpephh Hirschmann Octopus Os32 081602T6T6Tpephh Hirschmann Octopus Os34 Hirschmann Octopus Os3X Xx16Xxx Hirschmann Octopus Os3X Xx24Xxx
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 06, 2018 - 21:29 nvd
HIGH 8.8

DescriptionNVD

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.

AnalysisAI

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-384. A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions. Affected products include: Belden Hirschmann Rs20-0900Mmm2Tdau, Belden Hirschmann Rs20-0900Nnm4Tdau, Belden Hirschmann Rs20-0900Vvm2Tdau, Belden Hirschmann Rs20-1600L2L2Sdau, Belden Hirschmann Rs20-1600L2M2Sdau.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-12965 CRITICAL POC
9.8 Aug 23

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID pa

CVE-2025-28242 CRITICAL POC
9.8 Apr 18

Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session

CVE-2022-40916 CRITICAL POC
9.8 Feb 06

Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2025-45949 CRITICAL POC
9.8 Apr 28

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /login

CVE-2023-48929 CRITICAL POC
9.8 Dec 08

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. Rated criti

CVE-2023-41012 CRITICAL POC
9.8 Sep 05

An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to exe

CVE-2023-31498 CRITICAL POC
9.8 May 11

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to ex

CVE-2022-3269 CRITICAL POC
9.8 Sep 23

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2021-39290 CRITICAL POC
9.8 Aug 23

Certain NetModule devices allow Limited Session Fixation via PHPSESSID. Rated critical severity (CVSS 9.8), this vulnera

CVE-2020-11729 CRITICAL POC
9.8 Apr 15

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Rated critical severity (CVSS 9.8), this v

CVE-2019-18418 CRITICAL POC
9.8 Oct 24

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests be

CVE-2018-18925 CRITICAL POC
9.8 Nov 04

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." s

Share

CVE-2018-5465 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy