CVE-2022-40630
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform session fixation on the targeted device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Tacitine | Firewall | 19.1.1 < EN6200-PRIME QUAD-35* | affected |
| Tacitine | Firewall | 19.1.1 < EN6200-PRIME QUAD-100* | affected |
Weaknesses
- CWE-384: CWE-384 Session Fixation
ADP Enrichment
CVE Program Container
Additional References
- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363
- https://tacitine.com/newdownload/CVE-2022-40630.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363
- https://tacitine.com/newdownload/CVE-2022-40630.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.