Lucene search

[email protected]NVD:CVE-2023-5627

HistoryNov 01, 2023 - 4:15 p.m.

CVE-2023-5627

2023-11-0116:15:08

CWE-287

CWE-303

CWE-257

CWE-327

[email protected]

web.nvd.nist.gov

vulnerability

nport 6000 series

authentication

incorrect implementation

sensitive information protection

malicious users

unauthorized access

web service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

37.2%

JSON

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.

Affected configurations

NVD

Node

moxanport_6150-t_firmwareRange≤1.21

AND

moxanport_6150-tMatch-

Node

moxanport_6150_firmwareRange≤1.21

AND

moxanport_6150Match-

Node

moxanport_6250-m-sc-t_firmwareRange≤1.21

AND

moxanport_6250-m-sc-tMatch-

Node

moxanport_6250-m-sc_firmwareRange≤1.21

AND

moxanport_6250-m-scMatch-

Node

moxanport_6250-s-sc-t_firmwareRange≤1.21

AND

moxanport_6250-s-sc-tMatch-

Node

moxanport_6250-s-sc_firmwareRange≤1.21

AND

moxanport_6250-s-scMatch-

Node

moxanport_6250-t_firmwareRange≤1.21

AND

moxanport_6250-tMatch-

Node

moxanport_6250_firmwareRange≤1.21

AND

moxanport_6250Match-

Node

moxanport_6450-t_firmwareRange≤1.21

AND

moxanport_6450-tMatch-

Node

moxanport_6450_firmwareRange≤1.21

AND

moxanport_6450Match-

Node

moxanport_6610-16-48v_firmwareRange≤1.21

AND

moxanport_6610-16-48vMatch-

Node

moxanport_6610-16_firmwareRange≤1.21

AND

moxanport_6610-16Match-

Node

moxanport_6610-32-48v_firmwareRange≤1.21

AND

moxanport_6610-32-48vMatch-

Node

moxanport_6610-32_firmwareRange≤1.21

AND

moxanport_6610-32Match-

Node

moxanport_6610-8-48v_firmwareRange≤1.21

AND

moxanport_6610-8-48vMatch-

Node

moxanport_6610-8_firmwareRange≤1.21

AND

moxanport_6610-8Match-

Node

moxanport_6650-16-48v_firmwareRange≤1.21

AND

moxanport_6650-16-48vMatch-

Node

moxanport_6650-16-hv-t_firmwareRange≤1.21

AND

moxanport_6650-16-hv-tMatch-

Node

moxanport_6650-16-t_firmwareRange≤1.21

AND

moxanport_6650-16-tMatch-

Node

moxanport_6650-16_firmwareRange≤1.21

AND

moxanport_6650-16Match-

Node

moxanport_6650-32-48v_firmwareRange≤1.21

AND

moxanport_6650-32-48vMatch-

Node

moxanport_6650-32-hv-t_firmwareRange≤1.21

AND

moxanport_6650-32-hv-tMatch-

Node

moxanport_6650-32_firmwareRange≤1.21

AND

moxanport_6650-32Match-

Node

moxanport_6650-8-48v_firmwareRange≤1.21

AND

moxanport_6650-8-48vMatch-

Node

moxanport_6650-8-hv-t_firmwareRange≤1.21

AND

moxanport_6650-8-hv-tMatch-

Node

moxanport_6650-8-t_firmwareRange≤1.21

AND

moxanport_6650-8-tMatch-

Node

moxanport_6650-8_firmwareRange≤1.21

AND

moxanport_6650-8Match-

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-232905-nport-6000-series-incorrect-implementation-of-authentication-algorithm-vulnerability