Session Takeover Vulnerability in Self-Developed Session Management
CVE-2024-28144

Currently unrated

Key Information:

Vendor: Image Access Gmbh
Status: Scan2net
Vendor: CVE Published:; 12 December 2024

🔔 Create Image Access Gmbh Vulnerability Alert

What is CVE-2024-28144?

An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.

Affected Version(s)

Scan2Net 0 <= 7.42B

References

https://r.sec-consult.com/imageaccess

third-party-advisory

https://www.imageaccess.de/?page=SupportPortal&lang=en

patch

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2024
Vulnerability Reserved
Mar 5, 2024

Credit

Daniel Hirschberger (SEC Consult Vulnerability Lab)

Tobias Niemann (SEC Consult Vulnerability Lab)