6.5

CVE-2024-0387

EPSS 0.25%
Veröffentlicht 26.02.2024 16:27:49
Zuletzt bearbeitet 25.02.2025 22:56:10
Quelle psirt@moxa.com
CVE-Watchlists
Login
Unerledigt
Login

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moxa ≫ Eds-4008 Firmware Version <= 3.2

Moxa ≫ Eds-4008 Version-

Moxa ≫ Eds-4009 Firmware Version <= 3.2

Moxa ≫ Eds-4009 Version-

Moxa ≫ Eds-4012 Firmware Version <= 3.2

Moxa ≫ Eds-4012 Version-

Moxa ≫ Eds-4014 Firmware Version <= 3.2

Moxa ≫ Eds-4014 Version-

Moxa ≫ Eds-g4008 Firmware Version <= 3.2

Moxa ≫ Eds-g4008 Version-

Moxa ≫ Eds-g4012 Firmware Version <= 3.2

Moxa ≫ Eds-g4012 Version-

Moxa ≫ Eds-g4014 Firmware Version <= 3.2

Moxa ≫ Eds-g4014 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.476

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
psirt@moxa.com	6.5	2.3	3.7	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0387

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0387

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0387

EUVD