Vulnerability CVE-2018-5465

Vulnerability CVE-2018-5465

Published: 2018-03-06 Modified: 2018-03-07

Description:

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.

Type:

CWE-384

(Session Fixation)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Belden -> Hirschmann mach104-16tx-poep +2x -e-l3p
Belden -> Hirschmann mach4002-24g-l3e
Belden -> Hirschmann ms30-1602saae
Belden -> Hirschmann octopus 8tx poe-eec
Belden -> Hirschmann octopus os30-0008024a4atrephh
Belden -> Hirschmann rs20-1600m2m2sdau
Belden -> Hirschmann rsb20-0800t1t1taabe
Belden -> Hirschmann rsb20-0900vvm2taabe
Belden -> Hirschmann m1-8mm-sc
Belden -> Hirschmann mach104-16tx-poep +2x -r
Belden -> Hirschmann mach4002-24g-l3p
Belden -> Hirschmann octopus 16m
Belden -> Hirschmann octopus os20-000900t5t5tafbhh
Belden -> Hirschmann octopus os30-0008024b4btrephh
Belden -> Hirschmann rs20-1600m2t1sdau
Belden -> Hirschmann rsb20-0900m2ttsaab
Belden -> Hirschmann rsb20-0900zzz6saab
Belden -> Hirschmann m1-8sfp
Belden -> Hirschmann mach104-16tx-poep +2x -r-l3p
Belden -> Hirschmann mach4002-48g+3x-l2p
Belden -> Hirschmann octopus 16m-8poe
Belden -> Hirschmann octopus os20-000900t5t5tnebhh
Belden -> Hirschmann octopus os32-080802o6o6tpephh
Belden -> Hirschmann rs20-1600s2m2sdau
Belden -> Hirschmann rsb20-0900m2ttsaabe
Belden -> Hirschmann rsb20-0900zzz6saabe
Belden -> Hirschmann m1-8sm-sc
Belden -> Hirschmann mach104-16tx-poep -e
Belden -> Hirschmann mach4002-48g+3x-l3e
Belden -> Hirschmann octopus 16m-train
Belden -> Hirschmann octopus os20-0010001m1mtrephh
Belden -> Hirschmann octopus os32-080802t6t6tpephh
Belden -> Hirschmann rs20-1600s2s2sdau
Belden -> Hirschmann rsb20-0900m2tttaab
Belden -> Hirschmann rsb20-0900zzz6taab
Belden -> Hirschmann m1-8tp-rj45
Belden -> Hirschmann mach104-16tx-poep -e-l3p
Belden -> Hirschmann mach4002-48g+3x-l3p
Belden -> Hirschmann octopus 16m-train-bp
Belden -> Hirschmann octopus os20-0010001s1strephh
Belden -> Hirschmann octopus os32-081602o6o6tpephh
Belden -> Hirschmann rs20-1600s2t1sdau
Belden -> Hirschmann rsb20-0900m2tttaabe
Belden -> Hirschmann rsb20-0900zzz6taabe
Belden -> Hirschmann mach102-24tp-f
Belden -> Hirschmann mach104-16tx-poep -r
Belden -> Hirschmann mach4002-48g-l2p
Belden -> Hirschmann octopus 24m
Belden -> Hirschmann octopus os20-0010004m4mtrephh
Belden -> Hirschmann octopus os32-081602t6t6tpephh
Belden -> Hirschmann rsb20-0800m2m2saab
Belden -> Hirschmann rsb20-0900mmm2saab
Belden -> Hirschmann rsr20
Belden -> Hirschmann mach102-24tp-fr
Belden -> Hirschmann mach104-16tx-poep -r-l3p
Belden -> Hirschmann mach4002-48g-l3e
Belden -> Hirschmann octopus 24m-8 poe
Belden -> Hirschmann octopus os20-0010004s4strephh
Belden -> Hirschmann octopus os34
Belden -> Hirschmann rsb20-0800m2m2saabe
Belden -> Hirschmann rsb20-0900mmm2saabe
Belden -> Hirschmann rsr30
Belden -> Hirschmann mach102-8tp
Belden -> Hirschmann mach104-20tx-f
Belden -> Hirschmann mach4002-48g-l3p
Belden -> Hirschmann octopus 24m-train
Belden -> Hirschmann octopus os20-001000t5t5tafuhb
Belden -> Hirschmann octopus os3x-xx16xxx
Belden -> Hirschmann rsb20-0800m2m2taab
Belden -> Hirschmann rsb20-0900mmm2taab
Belden -> Hirschmann mach102-8tp-f
Belden -> Hirschmann mach104-20tx-f-4poe
Belden -> Hirschmann ms20-0800eccp
Belden -> Hirschmann octopus 24m-train-bp
Belden -> Hirschmann octopus os20-001000t5t5tneuhb
Belden -> Hirschmann octopus os3x-xx24xxx
Belden -> Hirschmann rsb20-0800m2m2taabe
Belden -> Hirschmann rsb20-0900mmm2taabe
Belden -> Hirschmann mach102-8tp-fr
Belden -> Hirschmann mach104-20tx-f-l3p
Belden -> Hirschmann ms20-0800saae
Belden -> Hirschmann octopus 5tx eec
Belden -> Hirschmann octopus os24-080900t5t5tffbhh
Belden -> Hirschmann rs20-0900mmm2tdau
Belden -> Hirschmann rsb20-0800s2s2saab
Belden -> Hirschmann rsb20-0900s2ttsaab
Belden -> Hirschmann mach102-8tp-r
Belden -> Hirschmann mach104-20tx-fr
Belden -> Hirschmann ms20-0800saap
Belden -> Hirschmann octopus 8m
Belden -> Hirschmann octopus os24-080900t5t5tnebhh
Belden -> Hirschmann rs20-0900nnm4tdau
Belden -> Hirschmann rsb20-0800s2s2saabe
Belden -> Hirschmann rsb20-0900s2ttsaabe
Belden -> Hirschmann mach104-16tx-poep
Belden -> Hirschmann mach104-20tx-fr-l3p
Belden -> Hirschmann ms20-1600eccp
Belden -> Hirschmann octopus 8m-6poe
Belden -> Hirschmann octopus os24-081000t5t5tffuhb
Belden -> Hirschmann rs20-0900vvm2tdau

References:

http://www.securityfocus.com/bid/103340

https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01

Vulnerability CVE-2018-5465

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.

CWE-384

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

6.8/10

6.4/10

8.6/10

Remote

Medium

No required

Partial

Partial

Partial

Affected software

References: