CVE-2025-15387
Unknown
Unknown - Not Provided
Insufficient Entropy in QNO VPN Firewall Enables Session Hijacking
Publication date: 2025-12-31
Last updated on: 2025-12-31
Assigner: TWCERT/CC
Description
Description
VPN Firewall developed by QNO Technology has a Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qno_technology | vpn_firewall | 4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-331 | The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Insufficient Entropy issue in the VPN Firewall developed by QNO Technology. It allows unauthenticated remote attackers to perform brute-force attacks to obtain any logged-in user session and then log into the system without authorization.
How can this vulnerability impact me? :
The vulnerability can allow attackers to gain unauthorized access to user sessions by brute-forcing session information, potentially leading to full system access and compromise of sensitive data or network resources.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70