github - ghsa-628p-46mw-v4f9

GHSA-628P-46MW-V4F9

Vulnerability from github – Published: 2021-12-28 00:00 – Updated: 2022-01-08 00:00

Details

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-4161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-27T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.",
  "id": "GHSA-628p-46mw-v4f9",
  "modified": "2022-01-08T00:00:49Z",
  "published": "2021-12-28T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4161"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-4161 (GCVE-0-2021-4161)

Vulnerability from cvelistv5 – Published: 2021-12-27 18:48 – Updated: 2024-09-16 19:24

Title

ICSA-21-357-01 Moxa MGate Protocol Gateways

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Moxa

MGate MB3180 Series

Affected: all , < 2.2 (custom)

	Moxa	MGate MB3280 Series	Affected: all 4.1
	Moxa	MGate MB3480 Series	Affected: all 3.2

Credits

Parul Sindhwad, Anurag M. Chevendra, and Dr. Faruk Kazi of CoE-CNDS Lab; VJTI; and Mumbai-INDIA reported this vulnerability to Moxa.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "NA"
          ],
          "product": "MGate MB3180 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThan": "2.2",
              "status": "affected",
              "version": "all",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "NA"
          ],
          "product": "MGate MB3280 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "status": "affected",
              "version": "all 4.1"
            }
          ]
        },
        {
          "platforms": [
            "NA"
          ],
          "product": "MGate MB3480 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "status": "affected",
              "version": "all 3.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Parul Sindhwad, Anurag M. Chevendra, and Dr. Faruk Kazi of CoE-CNDS Lab; VJTI; and Mumbai-INDIA reported this vulnerability to Moxa."
        }
      ],
      "datePublic": "2021-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-27T18:48:19",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Moxa has developed the following mitigations to address this vulnerability.\n\nEnable \u2018HTTPS\u2019 and disable the HTTP console function under \u2018Console Settings\u2019\nMoxa also recommends users refer to Tech Note: Moxa Security Hardening Guide for MGate MB3000 Series"
        }
      ],
      "source": {
        "advisory": "ICSA-21-357-01",
        "discovery": "UNKNOWN"
      },
      "title": "ICSA-21-357-01 Moxa MGate Protocol Gateways",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2021-12-23T23:05:00.000Z",
          "ID": "CVE-2021-4161",
          "STATE": "PUBLIC",
          "TITLE": "ICSA-21-357-01 Moxa MGate Protocol Gateways"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MGate MB3180 Series",
                      "version": {
                        "version_data": [
                          {
                            "platform": "NA",
                            "version_affected": "\u003c",
                            "version_name": "all",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MGate MB3280 Series",
                      "version": {
                        "version_data": [
                          {
                            "platform": "NA",
                            "version_name": "all",
                            "version_value": "4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MGate MB3480 Series",
                      "version": {
                        "version_data": [
                          {
                            "platform": "NA",
                            "version_name": "all",
                            "version_value": "3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Moxa"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Parul Sindhwad, Anurag M. Chevendra, and Dr. Faruk Kazi of CoE-CNDS Lab; VJTI; and Mumbai-INDIA reported this vulnerability to Moxa."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-319 Cleartext Transmission of Sensitive Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Moxa has developed the following mitigations to address this vulnerability.\n\nEnable \u2018HTTPS\u2019 and disable the HTTP console function under \u2018Console Settings\u2019\nMoxa also recommends users refer to Tech Note: Moxa Security Hardening Guide for MGate MB3000 Series"
          }
        ],
        "source": {
          "advisory": "ICSA-21-357-01",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-4161",
    "datePublished": "2021-12-27T18:48:19.982800Z",
    "dateReserved": "2021-12-23T00:00:00",
    "dateUpdated": "2024-09-16T19:24:13.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-628P-46MW-V4F9

CVE-2021-4161 (GCVE-0-2021-4161)

Tags

Sightings

Nomenclature