CVE-2023-39982

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
Configurations

Configuration 1 (hide)

cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*

History

28 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-321
Summary (en) A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. (en) A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.

08 Sep 2023, 13:23

Type Values Removed Values Added
CPE cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*
CWE CWE-798
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9
First Time Moxa
Moxa mxsecurity
References (MISC) https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities - (MISC) https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities - Patch, Vendor Advisory

02 Sep 2023, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-02 13:15

Updated : 2024-10-28 07:15


NVD link : CVE-2023-39982

Mitre link : CVE-2023-39982

CVE.ORG link : CVE-2023-39982


JSON object : View

Products Affected

moxa

  • mxsecurity
CWE
CWE-798

Use of Hard-coded Credentials

CWE-321

Use of Hard-coded Cryptographic Key