PT-2017-3810 · Moxa · Mgate Mb3180+5

Evgeniy Druzhinin

Publicado

2017-05-09

Atualizado

2020-03-17

CVE-2019-9096

CVSS v3.1

Crítica

Vetor

AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions Moxa MGate MB3170 versions prior to 4.1 Moxa MGate MB3180 versions prior to 2.1 Moxa MGate MB3270 versions prior to 4.1 Moxa MGate MB3280 versions prior to 3.1 Moxa MGate MB3480 versions prior to 3.1 Moxa MGate MB3660 versions prior to 2.3

Description The issue is related to insufficient password requirements for the MGate web application, which may allow an attacker to gain access by brute-forcing account passwords. This can enable a remote attacker to gain full access to the system by directly guessing the credentials.

Recommendations For Moxa MGate MB3170 versions prior to 4.1, update to version 4.1 or later. For Moxa MGate MB3180 versions prior to 2.1, update to version 2.1 or later. For Moxa MGate MB3270 versions prior to 4.1, update to version 4.1 or later. For Moxa MGate MB3280 versions prior to 3.1, update to version 3.1 or later. For Moxa MGate MB3480 versions prior to 3.1, update to version 3.1 or later. For Moxa MGate MB3660 versions prior to 2.3, update to version 2.3 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-521

Identificadores relacionados

BDU:2019-03273

CVE-2019-9096

Produtos afetados

Mgate Mb3170

Mgate Mb3180

Mgate Mb3270

Mgate Mb3280

Mgate Mb3480

Mgate Mb3660

PT-2017-3810 · Moxa · Mgate Mb3180+5

CVE-2019-9096

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6