CVE-2024-12297
Frontend Authorization Logic Disclosure Vulnerability
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Produtos afetados
Moxa · EDS-508A SeriesMoxa · PT-508 SeriesMoxa · PT-510 SeriesMoxa · PT-7528 SeriesMoxa · PT-7728 SeriesMoxa · PT-7828 SeriesMoxa · PT-G503 SeriesMoxa · PT-G510 SeriesMoxa · PT-G7728 SeriesMoxa · PT-G7828 SeriesQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-serieshttps://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches