ID CVE-2015-7924
Summary eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. CWE-613: Insufficient Session Expiration (https://cwe.mitre.org/data/definitions/613.html)
References
Vulnerable Configurations
  • cpe:2.3:o:ewon:ewon_firmware:10.0s0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 07-12-2016 - 18:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 79625
confirm http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01
fulldisc 20151224 eWON sa Industrial router - Multiple Vulnerabilities
misc https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03
Last major update 07-12-2016 - 18:25
Published 23-12-2015 - 11:59
Last modified 07-12-2016 - 18:25