CVE-2022-50975
Multiple · Multiple Products
A high-severity vulnerability has been identified in multiple products, allowing an unauthenticated attacker on the local network to hijack an active user's session.
Executive summary
A high-severity vulnerability has been identified in multiple products, allowing an unauthenticated attacker on the local network to hijack an active user's session. Successful exploitation grants the attacker complete administrative control over the affected device, potentially leading to data theft, system compromise, or further network intrusion.
Vulnerability
This vulnerability is a session hijacking flaw. An unauthenticated attacker on the same local network can obtain a valid session identifier of an already logged-in user. By replaying this session ID, the attacker can impersonate the legitimate user and gain full access to the device's management interface. This attack is only possible when the "configuration via ethernet" feature is enabled on the target device.
Business impact
The high severity rating of this vulnerability, indicated by a CVSS score of 8.8, reflects a significant risk to the organization. A successful exploit grants an attacker complete administrative control over the affected device. This could lead to the theft of sensitive information, unauthorized configuration changes, service disruption, or the device being used as a foothold to launch further attacks against the internal network. The potential for full system compromise poses a direct threat to data confidentiality, integrity, and availability.
Remediation
Immediate Action: Apply the vendor-supplied security updates to all affected devices as soon as possible. After updating, review system and network access logs for signs of attempted exploitation and keep monitoring them for suspicious activity.
Proactive Monitoring:
- Review access logs for concurrent sessions using the same session ID from different IP addresses.
- Monitor network traffic for unusual connections to the devices' management interfaces, especially from unauthorized network segments.
- Implement alerts for any unauthorized configuration changes or the creation of new user accounts on affected systems.
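The first monitoring step above can be automated. The following Python script is an added illustration, not part of this advisory or any vendor tooling: it scans constructed access-log lines and flags any session ID observed from more than one client IP, then lists the requests made under that session from the later IPs. The log line layout and the sid= field are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (hypothetical layout: timestamp, client IP,
# session id, request). Not taken from any real device.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 192.168.1.20 sid=a1b2c3 GET /login
2024-05-01T10:00:05Z 192.168.1.20 sid=a1b2c3 GET /admin/status
2024-05-01T10:01:10Z 192.168.1.77 sid=a1b2c3 POST /admin/config
2024-05-01T10:02:00Z 192.168.1.31 sid=d4e5f6 GET /admin/status
2024-05-01T10:02:30Z 192.168.1.77 sid=a1b2c3 POST /admin/users
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) sid=(?P<sid>\S+) (?P<req>.+)$")


def parse_lines(text):
    """Yield (timestamp, ip, session_id, request) tuples; unparsable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("sid"), m.group("req")


def find_shared_sessions(text):
    """Return {session_id: sorted IPs} for every session seen from more than one IP."""
    ips_by_sid = defaultdict(set)
    for _ts, ip, sid, _req in parse_lines(text):
        ips_by_sid[sid].add(ip)
    return {sid: sorted(ips) for sid, ips in ips_by_sid.items() if len(ips) > 1}


def suspicious_requests(text, flagged):
    """Return requests under a flagged session that came from an IP other than the first one seen."""
    first_ip = {}
    hits = []
    for ts, ip, sid, req in parse_lines(text):
        if sid not in flagged:
            continue
        first_ip.setdefault(sid, ip)  # the IP that established the session
        if ip != first_ip[sid]:
            hits.append((ts, ip, sid, req))
    return hits


if __name__ == "__main__":
    flagged = find_shared_sessions(SAMPLE_LOG)
    for sid, ips in flagged.items():
        print(f"session {sid} used from {len(ips)} IPs: {', '.join(ips)}")
    for ts, ip, sid, req in suspicious_requests(SAMPLE_LOG, flagged):
        print(f"  {ts} {ip} {req}")
```

Clients behind NAT or moving between networks can legitimately change IP mid-session, so treat a hit as a lead to correlate with configuration-change and account-creation events rather than as a confirmed hijack.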
Compensating Controls:
- Network Segmentation: Isolate the management interfaces of affected devices onto a secure, restricted network segment accessible only by authorized personnel.
- Access Control Lists (ACLs): Implement strict firewall or switch ACLs to permit access to the management interface only from specific, trusted IP addresses.
- Disable Ethernet Configuration: If device configuration over Ethernet is not a critical function, disable this feature as a temporary mitigation until patches can be deployed.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score of 8.8 and the potential for complete device compromise, it is strongly recommended that organizations identify all affected assets and apply the vendor-supplied security updates with high priority. Although this vulnerability is not currently listed in the CISA KEV catalog and there are no public reports of active exploitation, the severity of the potential impact necessitates immediate action. If patching cannot be performed immediately, implement the recommended compensating controls, such as network segmentation and access control lists, to reduce the attack surface and mitigate risk.