Overview
- Description
- Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
- Source
- psirt@honeywell.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8838609-3252-452F-A122-F454379006BA",
"versionEndExcluding": "p10.19.050004"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:pm43:-:*:*:*:*:*:x86:*",
"vulnerable": false,
"matchCriteriaId": "C5F24450-6D4D-4F32-A2E3-E06EA0466CD7"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]