Critical Vulnerabilities in Moxa Switches Enable Unauthorized Access

A critical vulnerability identified as CVE-2024-12297 has been discovered in Moxa’s PT series of network switches, affecting multiple models across different product lines.

This security flaw involves an authorization logic disclosure that can be exploited to bypass authentication mechanisms, allowing malicious actors to gain unauthorized access to sensitive configurations, potentially disrupting network services.

The vulnerability, classified as CWE-656: Reliance on Security Through Obscurity, enables attackers to bypass client-side and backend server verification processes despite existing security measures.

Exploitation can lead to brute-force attacks aimed at guessing valid credentials or leveraging MD5 collision attacks to forge authentication hashes, thereby compromising device security.

Identified Vulnerability Type and Potential Impact

| Item | Vulnerability Type | Impact |
|------|--------------------|--------|
| 1 | CWE-656: Reliance on Security Through Obscurity (CVE-2024-12297) | Exploitation could allow attackers to bypass authentication, perform brute-force or MD5 collision attacks, and gain unauthorized access to sensitive configurations or disrupt services. |

The vulnerability identified in Moxa’s PT switches, CVE-2024-12297, carries significant severity. Its scoring details highlight the critical nature of this threat.

According to the Common Vulnerability Scoring System (CVSS) version 4.0, this vulnerability has a base score of 9.2, indicating high severity. The vector for this score is AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L.

This breaks down into various factors such as Attack Vector (AV), Attack Complexity (AC), and Privileges Required (PR). Specifically, an attacker can exploit this vulnerability remotely (AV:N) with low complexity (AC:L), requiring no user interaction (UI:N), and no privileges (PR:N).

The impact on the vulnerable system's confidentiality, integrity, and availability is high (VC, VI, and VA are all set to High), while the impact on subsequent systems is low for confidentiality, integrity, and availability (SC:L, SI:L, SA:L).

Affected Products and Solutions

Affected Products

| Product Series | Affected Versions |
|----------------|-------------------|
| PT-508 Series | Firmware version 3.8 and earlier |
| PT-510 Series | Firmware version 3.8 and earlier |
| PT-7528 Series | Firmware version 5.0 and earlier |
| PT-7728 Series | Firmware version 3.9 and earlier |
| PT-7828 Series | Firmware version 4.0 and earlier |
| PT-G503 Series | Firmware version 5.3 and earlier |
| PT-G510 Series | Firmware version 6.5 and earlier |
| PT-G7728 Series | Firmware version 6.5 and earlier |
| PT-G7828 Series | Firmware version 6.5 and earlier |
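To triage an asset inventory against the affected-version table above, the following added example (not code from Moxa or from the original article) classifies each device by series and firmware. The inventory rows, the status labels, and the choice to compare only major.minor are assumptions made for illustration.

```python
import re

# Highest affected firmware (major, minor) per series, from the table above.
AFFECTED_MAX = {
    "PT-508": (3, 8), "PT-510": (3, 8), "PT-7528": (5, 0),
    "PT-7728": (3, 9), "PT-7828": (4, 0), "PT-G503": (5, 3),
    "PT-G510": (6, 5), "PT-G7728": (6, 5), "PT-G7828": (6, 5),
}

def parse_version(text):
    """Extract the first dotted number from e.g. 'V5.0 Build 1234' as ints."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))

def triage(model, firmware):
    """Classify one device against the advisory's affected-version table."""
    m = re.match(r"PT-G?\d+", model.strip().upper())
    series = m.group(0) if m else None
    if series not in AFFECTED_MAX:
        return "not-listed"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "review"  # listed series but unreadable version: check by hand
    # Assumption: compare major.minor only, so 3.8.1 counts as "3.8 and earlier".
    major_minor = (version + (0,))[:2]
    # Tuple comparison is numeric, so 6.10 sorts above 6.5 (string compare would not).
    return "affected" if major_minor <= AFFECTED_MAX[series] else "above-listed"

# Constructed sample inventory: (model string, firmware string as reported).
INVENTORY = [
    ("PT-7528-A", "V5.0 Build 1234"),
    ("pt-g7728", "6.10"),
    ("PT-508-B", "3.8.1"),
    ("PT-G503-C", ""),
    ("OTHER-SWITCH-1", "3.11"),
]

def triage_inventory(rows):
    """Return (model, firmware, status) for every inventory row."""
    return [(model, firmware, triage(model, firmware)) for model, firmware in rows]

if __name__ == "__main__":
    for model, firmware, status in triage_inventory(INVENTORY):
        print(f"{model:16} {firmware or '-':18} {status}")
```

A status of `above-listed` only means the firmware is newer than the versions named in the table; the article does not state which release contains the fix, so confirm with the vendor.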

In addition to applying the product-specific solutions, users are advised to follow general security recommendations to enhance the security posture of their networks.

Regular updates and checks for patches are crucial in preventing the exploitation of such vulnerabilities.

This advisory serves as a call to action for both Moxa and its customers to ensure timely mitigation of the identified risks, protecting against potential malicious activities.

Users of the affected Moxa products should prioritize contacting Moxa Technical Support to obtain the necessary security patches.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
