CVE-2023-4217 — Sensitive Cookie Without 'HttpOnly' Flag in Eds-g503 Firmware

CWE-1004 — Sensitive Cookie Without 'HttpOnly' Flag CWE-668 — Resource Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

CNA3.1

EPSS

0.1%

top 64.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Eds-g503 Firmware Moxa Pt-g503 Series

Timeline

PublishedNov 2

Description

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5moxa/pt-g503_series1.0 — 5.2

▶NVDmoxa/eds-g503_firmware< 5.2

🔴Vulnerability Details

CVEList

Session cookies attribute not set properly↗2023-11-02

▶

GHSA

GHSA-25gj-gfhx-xwgh: A vulnerability has been identified in PT-G503 Series versions prior to v5↗2023-11-02

▶