CVE-2016-10309

CRITICAL

Ceragon FibeAir IP-10 Firmware < 7.1.0 - Unauthenticated Authentication Bypass via ALBATROSS Cookie

Title source: llm
STIX 2.1

Description

In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91263
Third Party Advisory x_refsource_misc
http://blog.iancaling.com/post/145973147383

Scores

CVSS v3 9.8
EPSS 0.0168
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
ceragon/fibeair_ip-10_firmware < 7.1.0
Published Mar 30, 2017
Tracked Since Feb 18, 2026