PT-2020-18525 · Easyblocks · Easyblocks Ipv6+1

Hideki Sakamoto

Published

2020-04-08

Updated

2020-04-09

CVE-2020-5550

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions EasyBlocks IPv6 versions 2.0.1 and earlier EasyBlocks Enterprise versions 2.0.1 and earlier

Description The issue allows remote attackers to impersonate a registered user and log in to the management console, potentially resulting in information alteration or disclosure via unspecified vectors.

Recommendations For EasyBlocks IPv6 versions 2.0.1 and earlier, update to a version later than 2.0.1 to resolve the issue. For EasyBlocks Enterprise versions 2.0.1 and earlier, update to a version later than 2.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the management console to minimize the risk of exploitation.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2020-5550

Affected Products

Easyblocks Enterprise

Easyblocks Ipv6

PT-2020-18525 · Easyblocks · Easyblocks Ipv6+1

CVE-2020-5550

Weakness Enumeration

Related Identifiers

Affected Products

References · 6