CRITICAL🇵🇱 Wersja polska

CVE-2023-48929

CVSS 9.8v3.1pub. 2023-12-08upd. 2024-11-21

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of the session identifier ('sid') in the group_status.asp resource. An attacker can provide a predetermined session identifier to the victim, and after authentication, take control of that session. The Session Fixation mechanism works by the application failing to regenerate the session identifier after user login, allowing the attacker to use a session with known parameters.

Impact

An attacker can hijack a logged-in user's session, leading to privilege escalation and unauthorized access to sensitive information processed by the system.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Additionally, it is recommended to restrict access to the SSA web interface only to trusted networks and implement an additional authentication layer.

Who is affected

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Franklin Electric System Sentinel Anyware

    APP
    Franklin-Electric
    1.6.24.492
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2023-48928MEDIUM6.1ten sam produkt

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The ...