Design/Logic Flaw

2020-08-2519:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.4%

JSON

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.

CPENameOperatorVersion
ipecsge2.0.0
ipecsle2.10.14
ipecsge1.0.0
ipecsle1.0.35

Name	Operator	Version
ipecs	ge	2.0.0
ipecs	le	2.10.14
ipecs	ge	1.0.0
ipecs	le	1.0.35

References

www.ericssonlg.co.kr/

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35572