Authentication Bypass by Capture-replay in NOTI-FIRE-NET Web Server

#VU25498 Authentication Bypass by Capture-replay in NOTI-FIRE-NET Web Server

Published: 2020-02-21

Vulnerability identifier: #VU25498

Vulnerability risk: High

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-6972

CWE-ID: CWE-294

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
NOTI-FIRE-NET Web Server
Server applications / Remote access servers, VPN

Vendor: Honeywell International, Inc

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists due to the Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. A remote attacker can bypass web server authentication methods.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

NOTI-FIRE-NET Web Server: 3.50

External links
http://ics-cert.us-cert.gov/advisories/icsa-20-051-03
http://www.notifier.com.au/notices/Security_Notification_SN_2020-02-04_Rev_01_Notifier.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Honeywell NOTI-FIRE-NET Web Server (NWS-3)