all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-28809 (ds-k1t320efwx_firmware, ds-k1t320efx_firmware, ds-k1t320ewx_firmware, ds-k1t320ex_firmware, ds-k1t320mfwx_firmware, ds-k1t320mfx_firmware, ds-k1t320mwx_firmware, ds-k1t320mx_firmware, ds-k1t341am_firmware, ds-k1t341amf_firmware, ds-k1

Add to bookmarks
June 15, 2023, 7:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.

access access control attack attackers control cve exploit hijacking logs product products request session session hijacking update valid vulnerability vulnerable

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months, 2 weeks ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Cyber Incident Manager 3

@ ARSIEM | Pensacola, FL
View on infosec-jobs.com

On-Site Environmental Technician II - Industrial Wastewater Plant Operator and Compliance Inspector

@ AECOM | Billings, MT, United States
View on infosec-jobs.com

Sr Security Analyst

@ Everbridge | Bengaluru
View on infosec-jobs.com