CVE-2025-41772

Unknown (Web-Enabled Controller) · wwwupdate Service

The wwwupdate service exposes valid session tokens in plaintext within URL parameters, allowing unauthenticated remote attackers to hijack active user sessions.

Executive summary

Unauthenticated remote attackers can hijack valid user sessions by intercepting plaintext session tokens exposed in the URL parameters of the wwwupdate service.

Vulnerability

The wwwupdate service fails to protect session identifiers, transmitting them as plaintext query parameters in the URL. URLs are recorded in browser history, in web server and proxy access logs, and in the Referer header of requests the browser makes afterwards, so an attacker who can read any of those sources, or who can sniff unencrypted traffic, obtains a valid token without authenticating and can replay it to take over the session.
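To make the failure mode concrete, here is an added Python example that is not code from the vendor or from this advisory. It builds a post-login response in the vulnerable form (token appended to the redirect URL) and in the hardened form (token in an HttpOnly, Secure, SameSite cookie), and a small audit function that flags which defects a captured response exhibits. The parameter name `session`, the host, the paths and the token value are assumptions; the real wwwupdate parameter name is not given on this page.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter/cookie name; the advisory does not name the real one.
TOKEN_PARAM = "session"


def url_token_response(base_url: str, token: str) -> dict:
    """Vulnerable pattern: after login, redirect to a URL carrying the token.

    Everything that sees the URL (access logs, proxy logs, browser history,
    the Referer header of later requests) now sees the token too.
    """
    parts = urlsplit(base_url)
    query = dict(parse_qsl(parts.query))
    query[TOKEN_PARAM] = token
    location = urlunsplit(parts._replace(query=urlencode(query)))
    return {"status": 302, "headers": {"Location": location}}


def cookie_token_response(token: str, landing: str = "/wwwupdate/") -> dict:
    """Hardened pattern: token in a cookie the browser attaches itself.

    HttpOnly keeps script from reading it, Secure keeps it off plaintext HTTP,
    SameSite=Strict stops cross-site requests from carrying it. The redirect
    URL contains nothing secret, so logs and Referer headers stay clean.
    """
    jar = SimpleCookie()
    jar[TOKEN_PARAM] = token
    morsel = jar[TOKEN_PARAM]
    morsel["httponly"] = True
    morsel["secure"] = True
    morsel["samesite"] = "Strict"
    morsel["path"] = "/"
    return {
        "status": 302,
        "headers": {"Location": landing, "Set-Cookie": morsel.OutputString()},
    }


def audit_response(response: dict) -> list:
    """Flag the session-handling defects visible in a single HTTP response."""
    findings = []
    headers = response["headers"]
    location = headers.get("Location", "")
    # Any session parameter in the redirect target is the CVE's core defect.
    if TOKEN_PARAM in dict(parse_qsl(urlsplit(location).query)):
        findings.append("session token in URL query string")
    set_cookie = headers.get("Set-Cookie")
    if set_cookie:
        jar = SimpleCookie()
        jar.load(set_cookie)  # parses attributes such as HttpOnly and Secure
        morsel = jar.get(TOKEN_PARAM)
        if morsel is not None:
            if not morsel["httponly"]:
                findings.append("session cookie missing HttpOnly")
            if not morsel["secure"]:
                findings.append("session cookie missing Secure")
            if str(morsel["samesite"]).lower() not in ("lax", "strict"):
                findings.append("session cookie missing SameSite")
    return findings


if __name__ == "__main__":
    token = "9f3c2a7b1e8d4c60"  # constructed sample token
    vulnerable = url_token_response("http://192.0.2.10/wwwupdate/status.cgi", token)
    hardened = cookie_token_response(token)
    print(vulnerable["headers"]["Location"], audit_response(vulnerable))
    print(hardened["headers"]["Set-Cookie"], audit_response(hardened))
```

Run against a real response captured from the device, `audit_response` reports the URL-borne token that this CVE describes; after a fix it should report nothing, and a cookie issued without HttpOnly, Secure or SameSite is flagged as well.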

Business impact

Session hijacking lets an attacker assume the identity of an authenticated user, including administrators. Rated CVSS 7.5, this vulnerability could lead to unauthorized configuration changes or device disruption. Exposing tokens in URLs defeats the session management on which the authentication mechanism depends: a login is only as strong as the secrecy of the token it issues.

Remediation

Immediate Action: Apply vendor security updates that move session tokens out of the URL and into HttpOnly, Secure cookies or an Authorization header.

Proactive Monitoring: Review web server and proxy logs for session tokens in request URLs and Referer headers; treat any token found as compromised and invalidate it, then clear browser histories and caches on management workstations.

Compensating Controls: Enforce HTTPS to prevent network sniffing, bearing in mind that TLS does not keep tokens out of logs, browser history or Referer headers; set a restrictive Referrer-Policy on the management interface if the device allows it; and use short session timeouts to shrink the window in which a leaked token is usable.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Transmitting session tokens in URLs violates long-standing web security practice. Administrators should update affected devices immediately, ensure that all management traffic is encrypted, and watch for a session token being presented from more than one client address, which indicates a hijacked session.