CVE-2013-4629 - The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update th

CVE-2013-4629

Summary

The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.

References

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm

Vulnerable Configurations

cpe:2.3:h:huawei:vp_9610:v100r002c02b019sp05:*:*:*:*:*:*:*
cpe:2.3:h:huawei:vp_9610:v100r002c02b019sp05:*:*:*:*:*:*:*
cpe:2.3:h:huawei:vp_9620:v100r002c02b019sp05:*:*:*:*:*:*:*
cpe:2.3:h:huawei:vp_9620:v100r002c02b019sp05:*:*:*:*:*:*:*

CVSS

Base:	8.5 (as of 21-06-2013 - 04:00)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:S/C:C/I:C/A:C

refmap via4

confirm

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm

Last major update

21-06-2013 - 04:00

Published

20-06-2013 - 15:55

Last modified

21-06-2013 - 04:00