A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hirschmann_rs20-0900mmm2tdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-0900nnm4tdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-0900vvm2tdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600l2l2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600l2m2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600l2s2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600l2t1sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600m2m2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600m2t1sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600s2m2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600s2s2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600s2t1sdau | Belden | - (including) | - (including) |
Such a scenario is commonly observed when: