ID

VAR-202402-3319


CVE

CVE-2024-0387


TITLE

MOXA EDS-4000/G4000 Series Security Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-41852

DESCRIPTION

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have them forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests. MOXA EDS-4000/G4000 Series is a series of industrial managed Ethernet switches from China's MOXA company. There is a security bypass vulnerability in MOXA EDS-4000/G4000 Series versions prior to 3.2.

Trust: 1.44

sources: NVD: CVE-2024-0387 // CNVD: CNVD-2024-41852

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-41852

AFFECTED PRODUCTS

vendor: moxa, model: eds-4000/g4000 series, scope: lt, version: 3.2

Trust: 0.6

sources: CNVD: CNVD-2024-41852

CVSS

SEVERITY

psirt@moxa.com: CVE-2024-0387
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-41852
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-41852
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

psirt@moxa.com: CVE-2024-0387
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 3.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-41852 // NVD: CVE-2024-0387

PROBLEMTYPE DATA

problemtype: CWE-1188

Trust: 1.0

sources: NVD: CVE-2024-0387

PATCH

title: Patch for MOXA EDS-4000/G4000 Series Security Bypass Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/601596

Trust: 0.6

sources: CNVD: CNVD-2024-41852

EXTERNAL IDS

db: NVD, id: CVE-2024-0387

Trust: 1.6

db: CNVD, id: CNVD-2024-41852

Trust: 0.6

sources: CNVD: CNVD-2024-41852 // NVD: CVE-2024-0387

REFERENCES

url: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0

Trust: 1.6

sources: CNVD: CNVD-2024-41852 // NVD: CVE-2024-0387

SOURCES

db: CNVD, id: CNVD-2024-41852
db: NVD, id: CVE-2024-0387

LAST UPDATE DATE

2024-10-29T23:37:58.447000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-41852, date: 2024-10-28T00:00:00
db: NVD, id: CVE-2024-0387, date: 2024-10-28T07:15:07.497

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-41852, date: 2024-10-28T00:00:00
db: NVD, id: CVE-2024-0387, date: 2024-02-26T16:27:49.890