CVE-2023-39981 - OpenCVE

A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Moxa	Mxsecurity

Configuration 1 [-]

cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Moxa

Published: 2023-09-02T12:25:12.195Z

Updated: 2023-09-02T12:25:12.195Z

Reserved: 2023-08-08T07:09:59.308Z

Link: CVE-2023-39981

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-02T13:15:45.257

Modified: 2023-09-07T20:38:42.433

Link: CVE-2023-39981

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-39981", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2023-08-08T07:09:59.308Z", "datePublished": "2023-09-02T12:25:12.195Z", "dateUpdated": "2023-09-02T12:25:12.195Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MXsecurity Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.0.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.</p>"}], "value": "A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.\n\n"}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114: Authentication Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2023-09-02T12:25:12.195Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.<br><ul><li>MXsecurity: Please upgrade to software v1.1.0 or higher.</li></ul>"}], "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n * MXsecurity: Please upgrade to software v1.1.0 or higher.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "MXsecurity Device Information Disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ED6F989-0F7D-46CC-BCEC-91E50F1B42AC", "versionEndIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.\n\n"}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en MXsecurity versiones anteriores a v1.0.1. que permite el acceso no autorizado.Esta vulnerabilidad surge por medidas de autenticaci\u00f3n inadecuadas pudiendo llevar potencialmente a la revelaci\u00f3n de informaci\u00f3n del dispositivo por parte de un atacante remoto."}], "id": "CVE-2023-39981", "lastModified": "2023-09-07T20:38:42.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2023-09-02T13:15:45.257", "references": [{"source": "psirt@moxa.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "psirt@moxa.com", "type": "Secondary"}]}