PT-2023-4676 · Unknown · Mxsecurity
Darren Martyn · Published 2023-08-08 · Updated 2024-10-28 · CVE-2023-39982
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MXsecurity versions prior to v1.0.1
Description
The issue is related to the use of a hard-coded SSH host key in the MXsecurity platform, which may facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. This could put the confidentiality and integrity of SSH communications at risk on the affected device.
Recommendations
For MXsecurity versions prior to v1.0.1, update to version v1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting SSH access to minimize the risk of exploitation. Avoid using the hard-coded SSH host key in the affected device until the issue is resolved.
Fix
Using Hardcoded Credentials
Related Identifiers
Affected Products
Mxsecurity