CVE-2023-36749

Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX MX5000 versions prior to V2.16.0 RUGGEDCOM ROX MX5000RE versions prior to V2.16.0 RUGGEDCOM ROX RX1400 versions prior to V2.16.0 RUGGEDCOM ROX RX1500 versions prior to V2.16.0 RUGGEDCOM ROX RX1501 versions prior to V2.16.0 RUGGEDCOM ROX RX1510 versions prior to V2.16.0 RUGGEDCOM ROX RX1511 versions prior to V2.16.0 RUGGEDCOM ROX RX1512 versions prior to V2.16.0 RUGGEDCOM ROX RX1524 versions prior to V2.16.0 RUGGEDCOM ROX RX1536 versions prior to V2.16.0 RUGGEDCOM ROX RX5000 versions prior to V2.16.0

Description A vulnerability has been identified in the webserver of the affected devices, which supports the insecure TLS 1.0 protocol. This could allow an attacker to achieve a man-in-the-middle attack and compromise the confidentiality and integrity of data. The issue is related to the use of an unreliable cryptographic algorithm, which may permit a remote attacker to gain unauthorized access to protected information.

Recommendations For RUGGEDCOM ROX MX5000 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX MX5000RE versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1400 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1500 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1501 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1510 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1511 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1512 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1524 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1536 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX5000 versions prior to V2.16.0, update to version V2.16.0 or later.