#VU29643 Authentication Bypass by Capture-replay in MGate 5105-MB-EIP Series - CVE-2020-15494
Published: July 10, 2020
Vulnerability identifier: #VU29643
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15494
CWE-ID: CWE-294
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
MGate 5105-MB-EIP Series
MGate 5105-MB-EIP Series
Software vendor:
Moxa
Moxa
Description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists due to improper authentication process. A remote attacker can bypass authentication process and obtain the session ID of the connection between the host and the device.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.