Incorrectly Specified Destination in a Communication Channel in Moxa products - CVE-2019-9097
Published: February 27, 2020
Vulnerability identifier: #VU25669
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-9097
CWE-ID: CWE-941
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3660 Series
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3660 Series
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the affected software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor. A remote attacker can overload the system to cause the service to crash, leading to the web service may become temporarily unavailable.
How to mitigate CVE-2019-9097
Install updates from vendor's website.