CVE-2023-39982Use of Hard-coded Cryptographic Key in Mxsecurity Series

CWE-321Use of Hard-coded Cryptographic KeyCWE-798Hard-coded Credentials3 documents3 sources
Severity
5.9MEDIUMNVD
CNA7.5
EPSS
0.2%
top 64.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Moxa Mxsecurity SeriesMoxa Mxsecurity
Timeline
PublishedSep 2

Description

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDmoxa/mxsecurity1.0.1
CVEListV5moxa/mxsecurity_series1.01.0.1

Patches

Patch: www.moxa.comPatch: www.moxa.com

🔴Vulnerability Details

2
CVEList
MXsecurity Hardcoded Credential2023-09-02
GHSA
GHSA-jvqq-8f3q-54hg: A vulnerability has been identified in MXsecurity versions prior to v12023-09-02
CVE-2023-39982 — Use of Hard-coded Cryptographic Key | cvebase