4.6
CVE-2017-10890
- EPSS 0.09%
- Published 17.11.2017 14:29:00
- Last modified 20.04.2025 01:37:25
- Source vultures@jpcert.or.jp
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.
Data is provided by the National Vulnerability Database (NVD)
Sharp ≫ Rx-v200 Firmware Version < 09.87.17.09
Sharp ≫ Rx-v100 Firmware Version < 03.29.17.09
Sharp ≫ Rx-clv1-p Firmware Version < 79.17.17.09
Sharp ≫ Rx-clv2-b Firmware Version < 89.07.17.09
Sharp ≫ Rx-clv3-n Firmware Version < 91.09.17.10
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.09% | 0.233 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.6 | 2.1 | 2.5 | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
nvd@nist.gov | 4.3 | 5.5 | 4.9 | AV:A/AC:M/Au:N/C:P/I:P/A:N |
CWE-384 Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.