Description
The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Chcnav / Chcnav - P5E GNSS4.2 – 4.1*
References
- VENDOR_ADVISORYhttps://www.gov.il/en/Departments/faq/cve_advisories