Friday, February 11, 2022

Vulnerability Spotlight: Vulnerabilities in Moxa MXView could allow attacker to view sensitive information, bypass login



Patrick DeSantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered two vulnerabilities in Moxa's MXview network management software that could allow an attacker to view sensitive data or bypass the need to log into the device. 

MXview is designed for users to configure, monitor and diagnose networking devices connected to networks in industrial control system environments. 

TALOS-2021-1403 (CVE-2021-40392) exists in MXview’s web application. An attacker could sniff network traffic to gain the information needed to exploit the vulnerability and view unencrypted network communication.

An attacker could also exploit TALOS-2021-1401 (CVE-2021-40390) to access the device without any prior authentication by sending a specially crafted HTTP request to the targeted device.

Cisco Talos worked with Moxa to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Moxa MXView Series, version 3.2.4. Talos tested and confirmed these versions of MXview could be exploited by this vulnerability.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 58459 and 58460. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org. 
