Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJpcertCVELIST:CVE-2023-31195
HistoryJun 13, 2023 - 12:00 a.m.

CVE-2023-31195

2023-06-1300:00:00
jpcert
www.cve.org
5
cve-2023-31195
sensitive cookies
secure attribute
man-in-the-middle attack
hijacked session

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.1%

JSON

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without ‘Secure’ attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted (‘http’) connection, the user’s session may be hijacked.

CNA Affected

[
  {
    "vendor": "ASUSTeK COMPUTER INC.",
    "product": "ASUS Router RT-AX3000",
    "versions": [
      {
        "version": "Firmware versions prior to 3.0.0.4.388.23403",
        "status": "affected"
      }
    ]
  }
]

Related

cve 1
prion 1
nvd 1
jvn 1
malwarebytes 1
thn 1
cve
cve
CVE-2023-31195
2023-06-13 10:15:10
prion
prion
Design/Logic Flaw
2023-06-13 10:15:00
nvd
nvd
CVE-2023-31195
2023-06-13 10:15:10
jvn
jvn
JVN#34232595: ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute
2023-06-09 00:00:00
malwarebytes
malwarebytes
Update now! ASUS fixes nine security flaws
2023-06-20 04:00:00
thn
thn
ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models
2023-06-20 08:39:00

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.1%

JSON
Related for CVELIST:CVE-2023-31195
cve1prion1nvd1jvn1malwarebytes1thn1