CVE-2023-5035Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in Eds-g503 Firmware

CWE-614Sensitive Cookie in HTTPS Session Without 'Secure' AttributeCWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
5.3MEDIUMNVD
CNA3.1
EPSS
0.1%
top 66.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Moxa Eds-g503 FirmwareMoxa Pt-g503 Series
Timeline
PublishedNov 2

Description

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5moxa/pt-g503_series1.05.2

🔴Vulnerability Details

2
CVEList
Cookie Without Secure Flag2023-11-02
GHSA
GHSA-7v85-4vq6-66gq: A vulnerability has been identified in PT-G503 Series firmware versions prior to v52023-11-02
CVE-2023-5035 — Moxa Eds-g503 Firmware vulnerability | cvebase