CVE-2023-43994

Name of the Vulnerable Software and Affected Versions Line version 13.6.1 NPort 6000 (affected versions not specified) NPort Windows Driver Manager (affected versions not specified)

Description An issue in the Cleaning makotoya mini-app on Line allows attackers to send crafted malicious notifications via leakage of the channel access token. A vulnerability in the NPort 6000 terminal server and NPort Windows Driver Manager is related to errors in the certificate authentication procedure, which can allow a remote attacker to perform a man-in-the-middle attack.

Recommendations For Line version 13.6.1, update to a version that fixes the leakage of the channel access token. For NPort 6000, restrict access to the terminal server to minimize the risk of exploitation until a patch is available. For NPort Windows Driver Manager, consider disabling the vulnerable authentication procedure until a fix is provided. At the moment, there is no information about a newer version that contains a fix for the NPort 6000 and NPort Windows Driver Manager vulnerabilities.