// For flags

CVE-2018-16495

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.

En VOS, el identificador de sesión de usuario (token de autenticación) es emitido al navegador antes de la autenticación, pero no es cambiada después de que el usuario inicia sesión con pexito en la aplicación. Se produce un fallo en emitir una nueva ID de sesión después de un inicio de sesión con éxito introduce la posibilidad para un atacante de configurar una sesión trampa en el dispositivo con el que es probable que la víctima inicie sesión

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-09-04 CVE Reserved
  • 2021-05-26 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-384: Session Fixation
CAPEC
References (1)
URL Tag Source
https://hackerone.com/reports/1168192 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Versa-networks
Search vendor "Versa-networks"
 Versa Operating System
Search vendor "Versa-networks" for product "Versa Operating System"
 < 16.1r2s11
Search vendor "Versa-networks" for product "Versa Operating System" and version " < 16.1r2s11"
-
Affected
Versa-networks
Search vendor "Versa-networks"
 Versa Operating System
Search vendor "Versa-networks" for product "Versa Operating System"
 >= 20.2.0 < 20.2.2
Search vendor "Versa-networks" for product "Versa Operating System" and version " >= 20.2.0 < 20.2.2"
-
Affected
Versa-networks
Search vendor "Versa-networks"
 Versa Operating System
Search vendor "Versa-networks" for product "Versa Operating System"
 >= 21.1.0 < 21.1.1
Search vendor "Versa-networks" for product "Versa Operating System" and version " >= 21.1.0 < 21.1.1"
-
Affected