Japan Vulnerability NotesJVN:51464799JVN#51464799: L2Blocker Sensor setup screen vulnerable to authentication bypass
4.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:P/A:N
8.1 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
26.1%
L2Blocker provided by SOFTCREATE CORP. contains a vulnerability (CWE-288) in which the login authentication is bypassed by using alternative paths or channels for Sensor.
Impact
An attacker who can access the device may perform an unauthorized login and obtain the stored information or cause a malfunction of the device.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
The developer released the following version that fixes the vulnerability.
- L2Blocker Ver4.8.6
According the developer, L2Blocker(Cloud) has already been updated by the developer, therefore no user update is required.
Products Affected
- L2Blocker(on-premise) Ver4.8.5 and earlier
- L2Blocker(Cloud) Ver4.8.5 and earlier
According the developer, EOS versions 3 series and ealier are also affected by this vulnerability.
Related
4.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:P/A:N
8.1 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
26.1%