CVE-2023-39979: MXsecurity Authentication Bypass
First published: Sat Sep 02 2023(Updated: )
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
Credit: psirt@moxa.com psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Mxsecurity | <1.1.0 |
Remedy
Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below. * MXsecurity: Please upgrade to software v1.1.0 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39979?
CVE-2023-39979 is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication.
How can this vulnerability be exploited?
This vulnerability can be exploited by a remote attacker if the web service authenticator has insufficient random values.
What is the severity of CVE-2023-39979?
The severity of CVE-2023-39979 is critical with a CVSS score of 9.8.
What is the affected software of CVE-2023-39979?
The affected software is MXsecurity versions prior to 1.0.1.
How can I fix CVE-2023-39979?
To fix CVE-2023-39979, it is recommended to update MXsecurity to version 1.0.1 or above.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/title
- agent/severity
- agent/references
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/moxa
- canonical/moxa mxsecurity