How severe is CVE-2024-49709?

This vulnerability has a severity rating of LOW with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-49709?

This is classified as CWE-384, which is a common weakness in software security.

CVE-2024-49709 - LOW Severity | CVSS N/A

Vulnerability Description

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attacker with an access to user's browser might set such a cookie, wait until the user logs in and then use the same cookie to take over the account. Moreover, the system does not destroy the old sessions when creating new ones, what expands the time frame in which an attack might be performed. This vulnerability has been patched in version 79.0

Related Vulnerabilities

CVE-2021-20151

CRITICAL

CVSS:10.0(Critical)

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying cli...

CWE-3842021

CVE-2024-11317

CRITICAL

CVSS:10.0(Critical)

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise...

CWE-3842024

CVE-2024-38513

CRITICAL

CVSS:10.0(Critical)

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows us...

CWE-3842024

CVE-2015-1174

CRITICAL

CVSS:9.8(Critical)

Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id.

CWE-3842015

CVE-2015-1820

CRITICAL

CVSS:9.8(Critical)

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a respons...

CWE-3842015

CVE-2016-10405

CRITICAL

CVSS:9.8(Critical)

Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.

CWE-3842016