CVE-2017-13699

EPSS 0.1%
Veröffentlicht 23.11.2017 21:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moxa ≫ Eds-g512e Firmware Version5.1

Moxa ≫ Eds-g512e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.281

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf

Third Party Advisory

Mitigation

http://www.securityfocus.com/bid/106047

https://nvd.nist.gov/vuln/detail/CVE-2017-13699

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-13699

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-13699

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-13699