Multiple Moxa's Ethernet switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism. Despite client-side and back-end server verification, attackers can exploit weaknesses in its implementation. This vulnerability may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
Since this issue is considered high severity, users should immediately apply the solutions to mitigate associated security risks.
The Identified Vulnerability Type and Potential Impact
| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 |
CWE-656: Reliance on Security Through Obscurity |
CAPEC-49: Password Brute Forcing |
Vulnerability Scoring Details
|
ID
|
Base Score
|
Vector
|
Unauthenticated Remote Exploits |
|---|---|---|---|
| CVE-2024-12297 |
CVSS 4.0: 9.2 |
AV:N/AC:L/AT:P/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:L/SI:L/SA:L |
Yes |
This alert has come from: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241409-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-ethernet-switches