CVE-2009-2367
CVSS 9.8 · CRITICAL
Summary
cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Iomega storcenter pro firmware
- Iomega storcenter pro
References
- http://osvdb.org/55586
- http://secunia.com/advisories/35666
- http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb?rev=6733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51539
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.