Session fixation

2014-04-1004:34:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.8%

JSON

The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416.

CPENameOperatorVersion
cisco_ons_15454_system_softwarele9.6
cisco_ons_15454_system_softwareeq9.0
cisco_ons_15454_system_softwareeq9.1
cisco_ons_15454_system_softwareeq9.2
cisco_ons_15454_system_softwareeq9.2.1
cisco_ons_15454_system_softwareeq9.2.2
cisco_ons_15454_system_softwareeq9.3
cisco_ons_15454_system_softwareeq9.4

Name	Operator	Version
cisco_ons_15454_system_software	le	9.6
cisco_ons_15454_system_software	eq	9.0
cisco_ons_15454_system_software	eq	9.1
cisco_ons_15454_system_software	eq	9.2
cisco_ons_15454_system_software	eq	9.2.1
cisco_ons_15454_system_software	eq	9.2.2
cisco_ons_15454_system_software	eq	9.3
cisco_ons_15454_system_software	eq	9.4