CVE-2024-4739 — Exposed Dangerous Method or Function in Mxsecurity Series

CWE-749 — Exposed Dangerous Method or Function3 documents3 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.5%

top 34.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Mxsecurity Series Moxa Mxsecurity

Timeline

PublishedOct 18

Description

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmoxa/mxsecurity1.1.0

▶CVEListV5moxa/mxsecurity_series1.0 — 1.1.0

🔴Vulnerability Details

CVEList

MXsecurity License Generation Function Disclosure↗2024-10-18

▶

GHSA

GHSA-jj92-x469-335w: The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1↗2024-10-18

▶