#VU25664 Use of a broken or risky cryptographic algorithm in Moxa products - CVE-2019-9095
Published: February 27, 2020
Vulnerability identifier: #VU25664
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-9095
CWE-ID: CWE-327
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3660 Series
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3660 Series
Software vendor:
Moxa
Moxa
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected products use a weak cryptographic algorithm with predictable variables. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.