BSA-2019-783
21350
16 April 2019
16 April 2019
Closed
Medium
9.8
N/A
CVE-2019-1573
Summary
Security Advisory ID : BSA-2019-783
Component : VPN
Revision : 1.0: Final
Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.
Impact
If an attacker has persistent access to a VPN user's endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods. An attacker would then have access to the same applications that the user does through their VPN session.
More information about these vulnerabilities can be found at: https://www.kb.cert.org/vuls/id/192371/
Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | April 16, 2019 |