Predictable session identifier generation in SODOLA switches allows attackers to forge administrative cookies and bypass authentication entirely to gain unauthorized device access.

The firmware uses a weak algorithm to generate session cookies based on predictable MD5 hashes. An attacker who can calculate these values can forge a valid session identifier and gain authenticated access without knowing the actual user password.

This vulnerability allows for an authentication bypass that grants full control over the network switch. With a CVSS score of 9.8, the business risk includes unauthorized network reconfiguration, traffic monitoring, and potential denial-of-service attacks against critical infrastructure.

Immediate Action: Update the device firmware to the latest version which includes a cryptographically secure random session generation mechanism.

Proactive Monitoring: Review device access logs for successful logins that do not correspond to known administrative activity or originate from anomalous sources.

Compensating Controls: Isolate the management interface behind a VPN or a secure jump host to prevent external actors from attempting to forge session cookies.

Public Exploit Available: No

The use of weak session identifiers is a critical flaw in device security. It is imperative to update the firmware immediately to transition to secure session management and protect the integrity of the network environment.