PT-2025-16234 · Softcom · Softcom Iksoris Internet Starter
Paweł Zdunek · Published 2025-04-14 · Updated 2025-10-28 · CVE-2024-49709
CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
SoftCOM iKSORIS Internet Starter versions prior to 79.0
Description:
The issue allows an attacker with access to a user's browser to set an arbitrary session cookie value, potentially leading to account takeover. The system's failure to destroy old sessions when creating new ones expands the time frame for a possible attack.
Recommendations:
Installations running versions prior to 79.0 should be updated to version 79.0, which resolves the issue. As a temporary workaround, consider restricting access to sensitive features until the update is applied.
Fix
Session Fixation
Affected Products
Softcom Iksoris Internet Starter