SB2017052411 - Multiple vulnerabilities in Moxa OnCell
Published: May 24, 2017
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Authentication bypass (CVE-ID: CVE-2017-7915)
The vulnerability allows a remote attacker to perform a brute-force attack.
The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker can perform a brute-force attack to determine parameters for authentication bypass.
Successful exploitation of the vulnerability may allow an attacker to gain unauthorized access to the vulnerable system.
2) Information disclosure (CVE-ID: CVE-2017-7913)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to storage of passwords in plaintext. A local attacker can gain access to the files that store passwords in clear text and obtain credentials.
Successful exploitation of the vulnerability may result in information disclosure.
3) Cross-site request forgery (CVE-ID: CVE-2017-7917)
The vulnerability allows a remote user to perform a CSRF attack. The weakness exists due to insufficient checking of the sent requests. A remote attacker can trick the victim into loading specially crafted HTML, gain access to the affected system and modify the configuration on the target device.
Remediation
Install the update from the vendor's website.