ID

VAR-202311-0293


CVE

CVE-2023-4217


TITLE

Moxa Inc. eds-g503 firmware vulnerability: disclosure of resources to the wrong area

Trust: 0.8

sources: JVNDB: JVNDB-2023-016050

DESCRIPTION

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. Moxa Inc. eds-g503 firmware contains a vulnerability that discloses resources to the wrong area. Information may be obtained. MOXA PT-G503 is a series of Layer 2 managed switches from China's MOXA company.

Trust: 2.25

sources: NVD: CVE-2023-4217 // JVNDB: JVNDB-2023-016050 // CNVD: CNVD-2024-16841 // VULMON: CVE-2023-4217

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-16841

AFFECTED PRODUCTS

vendor: moxa, model: eds-g503, scope: lt, version: 5.2

Trust: 1.0

vendor: moxa, model: eds-g503, scope: eq, version: eds-g503 firmware 5.2

Trust: 0.8

vendor: moxa, model: eds-g503, scope: eq, version: -

Trust: 0.8

vendor: moxa, model: eds-g503, scope: -, version: -

Trust: 0.8

vendor: moxa, model: pt-g503, scope: lt, version: 5.2

Trust: 0.6

sources: CNVD: CNVD-2024-16841 // JVNDB: JVNDB-2023-016050 // NVD: CVE-2023-4217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-4217
value: MEDIUM

Trust: 1.0

psirt@moxa.com: CVE-2023-4217
value: LOW

Trust: 1.0

NVD: CVE-2023-4217
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-16841
value: LOW

Trust: 0.6

CNVD: CNVD-2024-16841
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-4217
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@moxa.com: CVE-2023-4217
baseSeverity: LOW
baseScore: 3.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2023-4217
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-16841 // JVNDB: JVNDB-2023-016050 // NVD: CVE-2023-4217 // NVD: CVE-2023-4217

PROBLEMTYPE DATA

problemtype:CWE-1004

Trust: 1.0

problemtype:CWE-668

Trust: 1.0

problemtype:Leakage of resources to the wrong area (CWE-668) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-016050 // NVD: CVE-2023-4217

PATCH

title: Patch for MOXA PT-G503 Unauthorized Access Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/539896

Trust: 0.6

sources: CNVD: CNVD-2024-16841

EXTERNAL IDS

db: NVD, id: CVE-2023-4217

Trust: 3.3

db: JVNDB, id: JVNDB-2023-016050

Trust: 0.8

db: CNVD, id: CNVD-2024-16841

Trust: 0.6

db: VULMON, id: CVE-2023-4217

Trust: 0.1

sources: CNVD: CNVD-2024-16841 // VULMON: CVE-2023-4217 // JVNDB: JVNDB-2023-016050 // NVD: CVE-2023-4217

REFERENCES

url:https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230203-pt-g503-series-multiple-vulnerabilities

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-4217

Trust: 1.4

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2024-16841 // VULMON: CVE-2023-4217 // JVNDB: JVNDB-2023-016050 // NVD: CVE-2023-4217

SOURCES

db: CNVD, id: CNVD-2024-16841
db: VULMON, id: CVE-2023-4217
db: JVNDB, id: JVNDB-2023-016050
db: NVD, id: CVE-2023-4217

LAST UPDATE DATE

2024-08-14T14:30:10.319000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-16841, date: 2024-04-07T00:00:00
db: VULMON, id: CVE-2023-4217, date: 2023-11-02T00:00:00
db: JVNDB, id: JVNDB-2023-016050, date: 2023-12-28T06:58:00
db: NVD, id: CVE-2023-4217, date: 2023-11-09T19:47:38.290

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-16841, date: 2024-04-07T00:00:00
db: VULMON, id: CVE-2023-4217, date: 2023-11-02T00:00:00
db: JVNDB, id: JVNDB-2023-016050, date: 2023-12-28T00:00:00
db: NVD, id: CVE-2023-4217, date: 2023-11-02T17:15:11.610