Information disclosure in ioLogik - CVE-2016-8372
Published: October 18, 2016
Vulnerability identifier: #VU1024
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:NL/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8372
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
ioLogik
ioLogik
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to obtain private data on the target system.
The weakness is due to insufficient protection of credential and allows attakers to gain valid user's passwords.
Successful exploitation of the vulnerability results in disclosure of user's credentials on the vulnerable system.
The weakness is due to insufficient protection of credential and allows attakers to gain valid user's passwords.
Successful exploitation of the vulnerability results in disclosure of user's credentials on the vulnerable system.
How to mitigate CVE-2016-8372
Update firmware to the latest versions.