CVE-2019-9583 Information

Description

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16 2.41.5 2.41.8 2.41.9 2.45.6 2.45.7 2.47.10 2.47.12 2.47.15. Affected versions for CCU3: 3.41.11 3.43.16 3.45.5 3.45.7 3.47.10 3.47.15.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Reference

https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9583.md https://psytester.github.io/CVE-2019-9583/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

HIGH

Base Severity

8.2