PT-2024-4576 · Unknown · Sinec Traffic Analyzer
Published: 2024-06-11 · Updated: 2024-08-06
CVE-2024-35206
CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
SINEC Traffic Analyzer versions prior to V1.2
Description:
The affected application does not expire sessions. Because of this incorrect session expiration period, an attacker could potentially gain unauthorized access to the device.
Recommendations:
For versions prior to V1.2, consider implementing session expiration mechanisms to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the application to minimize the risk of exploitation.
Fix
Insufficient Session Expiration
Affected Products:
Sinec Traffic Analyzer