CVE-2019-15849

eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.

CVSS v3 7.3 HIGH
CVSS v2.0 4.9 MEDIUM

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:N

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://noskill1337.github.io/homematic-ccu3-session-fixation	Exploit Mitigation Third Party Advisory
https://www.eq-3.com/products/homematic.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.14.11:*:*:*:*:*:*:*

cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-10-17 14:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-15849

Mitre link : CVE-2019-15849

CVE.ORG link : CVE-2019-15849

JSON object : View

Products Affected

eq-3

homematic_ccu3_firmware
homematic_ccu3

CWE

CWE-384

Session Fixation

{"id": "CVE-2019-15849", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}]}, "published": "2019-10-17T14:15:10.760", "references": [{"url": "https://noskill1337.github.io/homematic-ccu3-session-fixation", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.eq-3.com/products/homematic.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system."}, {"lang": "es", "value": "eQ-3 HomeMatic CCU3 firmware versi\u00f3n 3.41.11, permite la fijaci\u00f3n de la sesi\u00f3n. Un atacante puede crear IDs de sesi\u00f3n y enviarlos a la v\u00edctima. Despu\u00e9s de que la v\u00edctima se registra en la sesi\u00f3n, el atacante puede usar esa sesi\u00f3n. El atacante podr\u00eda crear inicios de sesi\u00f3n SSH despu\u00e9s de una sesi\u00f3n v\u00e1lida y comprometer f\u00e1cilmente el sistema."}], "lastModified": "2019-10-22T13:23:54.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.14.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74FC5540-61BD-463C-BAB5-BAC842036EAF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}