CVE-2019-15849

Name of the Vulnerable Software and Affected Versions eQ-3 HomeMatic CCU3 firmware version 3.41.11

Description The issue allows session fixation, where an attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. This could lead to the creation of SSH logins after a valid session, potentially compromising the system.

Recommendations For eQ-3 HomeMatic CCU3 firmware version 3.41.11, consider disabling SSH logins until a patch is available to prevent potential system compromise. As a temporary workaround, restrict access to sensitive sessions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.