PT-2020-17241 · Lanit · Lan Atmservice M3 Atm Monitoring System

Dmitry Kuramin · Published 2020-12-10 · Updated 2020-12-14 · CVE-2020-29667

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Lan ATMService M3 ATM Monitoring System version 6.1.0

Description

The issue allows a remote attacker to gain control over the system due to insufficient session expiration. This can be achieved by using a default cookie value, such as PHPSESSID=LANIT-IMANAGER.

Recommendations

For Lan ATMService M3 ATM Monitoring System version 6.1.0, consider changing the default cookie value to a unique and secure value to prevent unauthorized access. As a temporary workaround, restrict access to the system until a patch is available. Avoid using the default PHPSESSID value in the affected system until the issue is resolved.
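
For defenders reviewing web server logs while access is restricted, the following added example (not part of the original advisory and not vendor code) flags requests that carry the default PHPSESSID value named above. It goes one step beyond the advisory by also reporting any session ID seen from more than one client address. The log format, request paths and sample lines are constructed assumptions; cookies must be logged for this to work.

```python
import re
from collections import defaultdict

# Default session value named in the advisory.
DEFAULT_SESSION_ID = "LANIT-IMANAGER"

# Constructed sample lines. Assumed format: client IP, timestamp, request line,
# status, then the Cookie request header in quotes (not the product's real format).
SAMPLE_LOG = """\
192.0.2.10 [10/Dec/2020:09:00:01 +0000] "GET /index.php HTTP/1.1" 200 "PHPSESSID=4f1c9a7be2d04c55a1b0"
198.51.100.7 [10/Dec/2020:09:02:13 +0000] "GET /index.php HTTP/1.1" 200 "lang=en; PHPSESSID=LANIT-IMANAGER"
203.0.113.44 [10/Dec/2020:09:05:40 +0000] "POST /index.php HTTP/1.1" 200 "PHPSESSID=LANIT-IMANAGER; lang=en"
192.0.2.10 [10/Dec/2020:09:06:02 +0000] "GET /index.php HTTP/1.1" 200 "PHPSESSID=4f1c9a7be2d04c55a1b0"
192.0.2.99 [10/Dec/2020:09:07:30 +0000] "GET /index.php HTTP/1.1" 200 "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) "(?P<cookie>[^"]*)"$'
)

def session_id(cookie_header):
    """Return the PHPSESSID value from a Cookie header, or None if absent."""
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name == "PHPSESSID":
            return value
    return None

def analyze(log_text):
    """Return (requests using the default ID, session IDs shared by several clients)."""
    default_hits, clients = [], defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        sid = session_id(m["cookie"])
        if sid is None:
            continue
        clients[sid].add(m["ip"])
        if sid == DEFAULT_SESSION_ID:
            default_hits.append((m["ts"], m["ip"], m["req"]))
    shared = {sid: sorted(ips) for sid, ips in clients.items() if len(ips) > 1}
    return default_hits, shared

if __name__ == "__main__":
    hits, shared = analyze(SAMPLE_LOG)
    for ts, ip, req in hits:
        print(f"default PHPSESSID used: {ts} {ip} {req}")
    for sid, ips in shared.items():
        print(f"session {sid} seen from {len(ips)} clients: {', '.join(ips)}")
```

The shared-session check is a heuristic: a legitimate client whose address changes mid-session will also appear there, so treat those results as leads to review rather than confirmed misuse.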

Exploit

Fix

Insufficient Session Expiration


Weakness Enumeration

Related Identifiers

CVE-2020-29667

Affected Products

Lan Atmservice M3 Atm Monitoring System