ITEL ISO FM SFN Adapter Session Hijacking Vulnerability
Vulnerability
A session hijacking vulnerability has been identified in the ITEL ISO FM SFN Adapter, specifically in firmware version ISO2 2.0.0.0 and WebServer 2.0. The vulnerability arises from improper session management on the '/home.html' endpoint, allowing an attacker to access an active session without authentication. This unauthorized access enables control over the device, modification of configurations, and potential compromise of system integrity.
Impact
Exploitation of this vulnerability allows unauthorized access to active sessions, enabling attackers to control the device, alter system settings, and disrupt services. Additionally, if the compromised session belongs to an admin user, the attacker could gain elevated privileges.
Reproduction
To reproduce this vulnerability, open a web browser and navigate to the '/home.html' endpoint on the affected device. If an active session exists, access will be granted without authentication.
Remediation
ITEL should implement proper session management by requiring authentication before granting access to the '/home.html' endpoint. Additionally, using secure session cookies and enforcing role-based access control could help mitigate the vulnerability. Until a patch is available, administrators can restrict access to '/home.html' using firewall rules or web server configurations, enable logout enforcement after inactivity, and manually monitor and clear unauthorized active sessions.
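The following is an added illustration, not ITEL's firmware code: it contrasts a gate that grants '/home.html' because some session happens to be active (the defect described above) with one that only admits a requester presenting its own valid, unexpired session cookie, with idle-timeout expiry, an optional role check, and the secure cookie attributes the remediation recommends. The in-memory session store, function names and timeout value are assumptions.

```python
import secrets

IDLE_TIMEOUT = 600  # assumed: seconds of inactivity after which a session is dead

# Constructed in-memory session store (assumption): token -> session record
SESSIONS = {}

def create_session(user, role, now):
    """Issue a fresh unguessable session token after successful login."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "role": role, "last_seen": now}
    return token

def weak_home_gate(request_cookies, now):
    """Mirrors the advisory's defect: access is granted if *any* session is
    active on the device, without checking that the requester holds it."""
    return any(now - s["last_seen"] < IDLE_TIMEOUT for s in SESSIONS.values())

def hardened_home_gate(request_cookies, now, required_role=None):
    """Grant /home.html only to a requester whose own cookie maps to a live session."""
    token = request_cookies.get("session")
    if not token:
        return False                      # no credential presented
    sess = SESSIONS.get(token)
    if sess is None:
        return False                      # unknown or forged token
    if now - sess["last_seen"] >= IDLE_TIMEOUT:
        del SESSIONS[token]               # enforce logout after inactivity
        return False
    if required_role is not None and sess["role"] != required_role:
        return False                      # role-based access control
    sess["last_seen"] = now               # refresh idle timer on valid use
    return True

def session_cookie_header(token):
    """Set-Cookie value with the secure attributes the remediation calls for."""
    return f"session={token}; Secure; HttpOnly; SameSite=Strict; Path=/"
```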