PT-2023-4676 · Unknown · Mxsecurity

Darren Martyn

Publicado

2023-08-08

Atualizado

2024-10-28

CVE-2023-39982

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions MXsecurity versions prior to v1.0.1

Description The issue is related to the use of a hard-coded SSH host key in the MXsecurity platform, which may facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. This could put the confidentiality and integrity of SSH communications at risk on the affected device.

Recommendations For MXsecurity versions prior to v1.0.1, update to version v1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting SSH access to minimize the risk of exploitation. Avoid using the hard-coded SSH host key in the affected device until the issue is resolved.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798CWE-321

Identificadores relacionados

BDU:2023-05089

CVE-2023-39982

Produtos afetados

Mxsecurity

PT-2023-4676 · Unknown · Mxsecurity

CVE-2023-39982

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10