First published: Fri Nov 06 2020(Updated: )
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric Coreos | <=05.65.00.bd | |
Mitsubishielectric Gt1450-qlbde | ||
Mitsubishielectric Gt1450-qmbde | ||
Mitsubishielectric Gt1450hs-qmbde | ||
Mitsubishielectric Gt1455-qtbde | ||
Mitsubishielectric Gt1455hs-qtbde |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-5645 is a session fixation vulnerability in the TCP/IP function included in the firmware of the GT14 Model of GOT 1000 series.
The severity of CVE-2020-5645 is high with a CVSS score of 7.5.
The GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier are affected.
There is currently no fixed version available. Please refer to the vendor's advisory for further instructions.
You can find more information about CVE-2020-5645 in the following references: [JVN], [US-CERT], [Mitsubishielectric]