CVE-2018-5465

EPSS 0.04%
Published 06.03.2018 21:29:00
Last modified 21.11.2024 04:08:51
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Belden ≫ Hirschmann Rs20-0900mmm2tdau Version-

Belden ≫ Hirschmann Rs20-0900nnm4tdau Version-

Belden ≫ Hirschmann Rs20-0900vvm2tdau Version-

Belden ≫ Hirschmann Rs20-1600l2l2sdau Version-

Belden ≫ Hirschmann Rs20-1600l2m2sdau Version-

Belden ≫ Hirschmann Rs20-1600l2s2sdau Version-

Belden ≫ Hirschmann Rs20-1600l2t1sdau Version-

Belden ≫ Hirschmann Rs20-1600m2m2sdau Version-

Belden ≫ Hirschmann Rs20-1600m2t1sdau Version-

Belden ≫ Hirschmann Rs20-1600s2m2sdau Version-

Belden ≫ Hirschmann Rs20-1600s2s2sdau Version-

Belden ≫ Hirschmann Rs20-1600s2t1sdau Version-

Belden ≫ Hirschmann Rsr20 Version-

Belden ≫ Hirschmann Rsr30 Version-

Belden ≫ Hirschmann Rsb20-0800m2m2saab Version-

Belden ≫ Hirschmann Rsb20-0800m2m2saabe Version-

Belden ≫ Hirschmann Rsb20-0800m2m2taab Version-

Belden ≫ Hirschmann Rsb20-0800m2m2taabe Version-

Belden ≫ Hirschmann Rsb20-0800s2s2saab Version-

Belden ≫ Hirschmann Rsb20-0800s2s2saabe Version-

Belden ≫ Hirschmann Rsb20-0800s2s2taab Version-

Belden ≫ Hirschmann Rsb20-0800s2s2taabe Version-

Belden ≫ Hirschmann Rsb20-0800t1t1saab Version-

Belden ≫ Hirschmann Rsb20-0800t1t1saabe Version-

Belden ≫ Hirschmann Rsb20-0800t1t1taab Version-

Belden ≫ Hirschmann Rsb20-0800t1t1taabe Version-

Belden ≫ Hirschmann Rsb20-0900m2ttsaab Version-

Belden ≫ Hirschmann Rsb20-0900m2ttsaabe Version-

Belden ≫ Hirschmann Rsb20-0900m2tttaab Version-

Belden ≫ Hirschmann Rsb20-0900m2tttaabe Version-

Belden ≫ Hirschmann Rsb20-0900mmm2saab Version-

Belden ≫ Hirschmann Rsb20-0900mmm2saabe Version-

Belden ≫ Hirschmann Rsb20-0900mmm2taab Version-

Belden ≫ Hirschmann Rsb20-0900mmm2taabe Version-

Belden ≫ Hirschmann Rsb20-0900s2ttsaab Version-

Belden ≫ Hirschmann Rsb20-0900s2ttsaabe Version-

Belden ≫ Hirschmann Rsb20-0900s2tttaab Version-

Belden ≫ Hirschmann Rsb20-0900s2tttaabe Version-

Belden ≫ Hirschmann Rsb20-0900vvm2saab Version-

Belden ≫ Hirschmann Rsb20-0900vvm2saabe Version-

Belden ≫ Hirschmann Rsb20-0900vvm2taab Version-

Belden ≫ Hirschmann Rsb20-0900vvm2taabe Version-

Belden ≫ Hirschmann Rsb20-0900zzz6saab Version-

Belden ≫ Hirschmann Rsb20-0900zzz6saabe Version-

Belden ≫ Hirschmann Rsb20-0900zzz6taab Version-

Belden ≫ Hirschmann Rsb20-0900zzz6taabe Version-

Belden ≫ Hirschmann M1-8mm-sc Version-

Belden ≫ Hirschmann M1-8sfp Version-

Belden ≫ Hirschmann M1-8sm-sc Version-

Belden ≫ Hirschmann M1-8tp-rj45 Version-

Belden ≫ Hirschmann Mach102-24tp-f Version-

Belden ≫ Hirschmann Mach102-24tp-fr Version-

Belden ≫ Hirschmann Mach102-8tp Version-

Belden ≫ Hirschmann Mach102-8tp-f Version-

Belden ≫ Hirschmann Mach102-8tp-fr Version-

Belden ≫ Hirschmann Mach102-8tp-r Version-

Belden ≫ Hirschmann Mach104-16tx-poep Version-

Belden ≫ Hirschmann Mach104-16tx-poep-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x -e Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x -e-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x -r Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x -r-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep -e Version-

Belden ≫ Hirschmann Mach104-16tx-poep -e-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep -r Version-

Belden ≫ Hirschmann Mach104-16tx-poep -r-l3p Version-

Belden ≫ Hirschmann Mach104-20tx-f Version-

Belden ≫ Hirschmann Mach104-20tx-f-4poe Version-

Belden ≫ Hirschmann Mach104-20tx-f-l3p Version-

Belden ≫ Hirschmann Mach104-20tx-fr Version-

Belden ≫ Hirschmann Mach104-20tx-fr-l3p Version-

Belden ≫ Hirschmann Mach4002-24g+3x-l2p Version-

Belden ≫ Hirschmann Mach4002-24g+3x-l3e Version-

Belden ≫ Hirschmann Mach4002-24g+3x-l3p Version-

Belden ≫ Hirschmann Mach4002-24g-l2p Version-

Belden ≫ Hirschmann Mach4002-24g-l3e Version-

Belden ≫ Hirschmann Mach4002-24g-l3p Version-

Belden ≫ Hirschmann Mach4002-48g+3x-l2p Version-

Belden ≫ Hirschmann Mach4002-48g+3x-l3e Version-

Belden ≫ Hirschmann Mach4002-48g+3x-l3p Version-

Belden ≫ Hirschmann Mach4002-48g-l2p Version-

Belden ≫ Hirschmann Mach4002-48g-l3e Version-

Belden ≫ Hirschmann Mach4002-48g-l3p Version-

Belden ≫ Hirschmann Ms20-0800eccp Version-

Belden ≫ Hirschmann Ms20-0800saae Version-

Belden ≫ Hirschmann Ms20-0800saap Version-

Belden ≫ Hirschmann Ms20-1600eccp Version-

Belden ≫ Hirschmann Ms20-1600saae Version-

Belden ≫ Hirschmann Ms20-1600saap Version-

Belden ≫ Hirschmann Ms30-0802saae Version-

Belden ≫ Hirschmann Ms30-0802saap Version-

Belden ≫ Hirschmann Ms30-1602saae Version-

Belden ≫ Hirschmann Octopus 16m Version-

Belden ≫ Hirschmann Octopus 16m-8poe Version-

Belden ≫ Hirschmann Octopus 16m-train Version-

Belden ≫ Hirschmann Octopus 16m-train-bp Version-

Belden ≫ Hirschmann Octopus 24m Version-

Belden ≫ Hirschmann Octopus 24m-8 Poe Version-

Belden ≫ Hirschmann Octopus 24m-train Version-

Belden ≫ Hirschmann Octopus 24m-train-bp Version-

Belden ≫ Hirschmann Octopus 5tx Eec Version-

Belden ≫ Hirschmann Octopus 8m Version-

Belden ≫ Hirschmann Octopus 8m-6poe Version-

Belden ≫ Hirschmann Octopus 8m-8poe Version-

Belden ≫ Hirschmann Octopus 8m-train Version-

Belden ≫ Hirschmann Octopus 8m-train-bp Version-

Belden ≫ Hirschmann Octopus 8tx-eec Version-

Belden ≫ Hirschmann Octopus 8tx Poe-eec Version-

Belden ≫ Hirschmann Octopus Os20-000900t5t5tafbhh Version-

Belden ≫ Hirschmann Octopus Os20-000900t5t5tnebhh Version-

Belden ≫ Hirschmann Octopus Os20-0010001m1mtrephh Version-

Belden ≫ Hirschmann Octopus Os20-0010001s1strephh Version-

Belden ≫ Hirschmann Octopus Os20-0010004m4mtrephh Version-

Belden ≫ Hirschmann Octopus Os20-0010004s4strephh Version-

Belden ≫ Hirschmann Octopus Os20-001000t5t5tafuhb Version-

Belden ≫ Hirschmann Octopus Os20-001000t5t5tneuhb Version-

Belden ≫ Hirschmann Octopus Os24-080900t5t5tffbhh Version-

Belden ≫ Hirschmann Octopus Os24-080900t5t5tnebhh Version-

Belden ≫ Hirschmann Octopus Os24-081000t5t5tffuhb Version-

Belden ≫ Hirschmann Octopus Os24-081000t5t5tneuhb Version-

Belden ≫ Hirschmann Octopus Os30 Version-

Belden ≫ Hirschmann Octopus Os30-0008021a1atrephh Version-

Belden ≫ Hirschmann Octopus Os30-0008021b1btrephh Version-

Belden ≫ Hirschmann Octopus Os30-0008024a4atrephh Version-

Belden ≫ Hirschmann Octopus Os30-0008024b4btrephh Version-

Belden ≫ Hirschmann Octopus Os32-080802o6o6tpephh Version-

Belden ≫ Hirschmann Octopus Os32-080802t6t6tpephh Version-

Belden ≫ Hirschmann Octopus Os32-081602o6o6tpephh Version-

Belden ≫ Hirschmann Octopus Os32-081602t6t6tpephh Version-

Belden ≫ Hirschmann Octopus Os34 Version-

Belden ≫ Hirschmann Octopus Os3x-xx16xxx Version-

Belden ≫ Hirschmann Octopus Os3x-xx24xxx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.067

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

http://www.securityfocus.com/bid/103340

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-5465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5465

EUVD