Use of Hard-coded Cryptographic Key in AWK-3131A Series

#VU25524 Use of Hard-coded Cryptographic Key in AWK-3131A Series

Published: 2020-02-24 | Updated: 2020-02-25

Vulnerability identifier: #VU25524

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5137

CWE-ID: CWE-321

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AWK-3131A Series
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Moxa

Description

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to presence of a hard-coded cryptographic key within the "ServiceAgent" binary. A remote attacker can decrypt a captured traffic.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AWK-3131A Series: 1.13

External links
http://www.moxa.com/en/support/support/security-advisory/awk-3131a-series-industrial-ap-bridge-client-vulnerabilities
http://talosintelligence.com/vulnerability_reports/TALOS-2019-0926

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Moxa AWK-3131A Series