Session Fixation Vulnerability Affects ABB Enterprise, NEXUS, and MATRIX Products
CVE-2024-11317
10CRITICAL
What is CVE-2024-11317?
This vulnerability allows an attacker to exploit session fixation flaws in the affected ABB products. By fixing a user's session identifier before login, an attacker can manipulate session data, potentially leading to unauthorized access and session hijacking. Organizations utilizing ABB ASPECT, NEXUS Series, or MATRIX Series versions 3.08.02 should assess their systems for vulnerabilities and implement necessary security measures to protect against potential session takeover exploits. Regular updates and immediate patching are essential to mitigate associated risks.
Affected Version(s)
ASPECT-Enterprise Linux 0 <= 3.08.02
MATRIX Series Linux initial <= 3.08.02
NEXUS Series Linux 0 <= 3.08.02
References
CVSS V3.1
Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure