PT-2021-3064 · Moxa · NPort IA5150A+3

Alexander Nochvay · Published 2021-04-28 · Updated 2022-07-12 · CVE-2020-27184

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

NPort IA5000A Series devices (affected versions not specified)
NPort IA5150A/IA5250A, IA5450A devices (affected versions not specified)

Description

The issue is related to the use of Telnet for network device management, which does not support encryption of client-server communications. This makes the devices vulnerable to Man-in-the-Middle attacks. The vulnerability is associated with a lack of protection for transmitted data, allowing a remote attacker to gain unauthorized access to protected information through a Telnet connection.

Recommendations

For NPort IA5000A Series devices, consider disabling Telnet as a network device management service until a more secure alternative is implemented. For NPort IA5150A/IA5250A, IA5450A devices, restrict access to Telnet connections to minimize the risk of exploitation. As a temporary workaround, consider using alternative, encrypted management services for these devices until a patch or secure configuration is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

BDU:2021-02676
CVE-2020-27184

Affected Products

NPort IA5000A Series
NPort IA5150A
NPort IA5250A
NPort IA5450A