CVE-2023-5035: Cookie Without Secure Flag
First published: Thu Nov 02 2023(Updated: )
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
Credit: psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Moxa Eds-g503 Firmware | <5.2 | |
| Moxa Eds-g503 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-5035.
What is the severity level of CVE-2023-5035?
The severity level of CVE-2023-5035 is medium (5.3).
How does the vulnerability in CVE-2023-5035 affect the affected software?
The vulnerability in CVE-2023-5035 affects PT-G503 Series firmware versions prior to v5.2.
What is the risk associated with the vulnerability in CVE-2023-5035?
The vulnerability in CVE-2023-5035 may lead to security risks.
How can I fix the vulnerability in CVE-2023-5035?
To fix the vulnerability in CVE-2023-5035, update the PT-G503 Series firmware to version 5.2 or above.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/title
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/moxa
- canonical/moxa eds-g503 firmware
- canonical/moxa eds-g503