CVE-2024-47945
CVSS V2 None
CVSS V3 None
Description
The devices are vulnerable to session hijacking due to insufficient
entropy in its session ID generation algorithm. The session IDs are
predictable, with only 32,768 possible values per user, which allows
attackers to pre-generate valid session IDs, leading to unauthorized
access to user sessions. This is not only due to the use of an
(insecure) rand() function call but also because of missing
initialization via srand(). As a result only the PIDs are effectively
used as seed.
Overview
- CVE ID
- CVE-2024-47945
- Assigner
- SEC-VLab
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-15T10:05:58.333Z
- Last Modified Date
- 2024-10-15T16:03:59.248Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://r.sec-consult.com/rittaliot | third-party-advisory |
| https://www.rittal.com/de-de/products/deep/3124300 | patch |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-47945 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47945 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-16 13:16:50 | Added to TrackCVE |