PT-2017-11584 · Yamaha · Rx-Clv2-B+4
Kiyotaka Atsumi
·
Published
2017-11-17
·
Updated
2017-12-08
·
CVE-2017-10890
CVSS v3.1
4.6
Medium
| Vector | AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
RX-V200 versions prior to 09.87.17.09
RX-V100 versions prior to 03.29.17.09
RX-CLV1-P versions prior to 79.17.17.09
RX-CLV2-B versions prior to 89.07.17.09
RX-CLV3-N versions prior to 91.09.17.10
Description
A session management issue allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.
Recommendations
For RX-V200 versions prior to 09.87.17.09, update to version 09.87.17.09 or later.
For RX-V100 versions prior to 03.29.17.09, update to version 03.29.17.09 or later.
For RX-CLV1-P versions prior to 79.17.17.09, update to version 79.17.17.09 or later.
For RX-CLV2-B versions prior to 89.07.17.09, update to version 89.07.17.09 or later.
For RX-CLV3-N versions prior to 91.09.17.10, update to version 91.09.17.10 or later.
Fix
Session Fixation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rx-Clv1-P
Rx-Clv2-B
Rx-Clv3-N
Rx-V100
Rx-V200