CVE-2023-39981

{"id": "CVE-2023-39981", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@moxa.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-02T13:15:45.257", "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@moxa.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "psirt@moxa.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en MXsecurity versiones anteriores a v1.0.1. que permite el acceso no autorizado.Esta vulnerabilidad surge por medidas de autenticaci\u00f3n inadecuadas pudiendo llevar potencialmente a la revelaci\u00f3n de informaci\u00f3n del dispositivo por parte de un atacante remoto."}], "lastModified": "2024-10-28T06:15:04.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ED6F989-0F7D-46CC-BCEC-91E50F1B42AC", "versionEndIncluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@moxa.com"}