CVE-2017-5141

NONE

6.0CVSS v3

6.5CVSS v2

0.45% EPSS (exploit probability)

CWE-384CWE

Description

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION).

CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Affected routers (1)

Vendor	Model	Matched via	Affected versions	Fixed in	Patch?
Ubiquiti	Ubiquiti EdgeRouter X	`—`	—	—	No

External references

NIST NVD
MITRE CVE