VARIoT IoT vulnerabilities database
| VAR-202010-0389 | CVE-2020-1662 | Juniper Networks Junos OS and Junos OS Evolved Vulnerabilities in devices |
CVSS V2: 4.3 CVSS V3: 7.5 Severity: MEDIUM |
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages:
rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master)
rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master)
rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000
kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover
This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2.
Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Junos OS that could be exploited by an attacker to trigger a fatal error through BGP session flapping, causing a denial of service
| VAR-202010-0387 | CVE-2020-1660 | Juniper Networks Junos MX Run on the series Junos OS Vulnerability in |
CVSS V2: 6.8 CVSS V3: 9.9 Severity: CRITICAL |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. Junos OS running on Juniper Networks Junos MX Series contains an unspecified vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Junos OS MX that could be exploited by an attacker to trigger a fatal error through DNS filtering, causing a denial of service
| VAR-202010-0386 | CVE-2020-1657 | Juniper Networks Junos OS Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: MEDIUM |
On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases. Juniper Networks Junos OS contains an unspecified vulnerability. The device may be put into a denial of service (DoS) state. The operating system provides a secure programming interface and Junos SDK. There is a security vulnerability in Junos OS, which can be exploited by an attacker to trigger a fatal error on SRX devices through spoofed IPSec packets, causing a denial of service
| VAR-202010-0385 | CVE-2020-1656 | Juniper Networks Junos OS Input confirmation vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: MEDIUM |
The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHCPv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.
Juniper Networks Junos OS contains an input validation vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Junos OS that could be exploited by an attacker to run code through the DHCPv6 relay agent
| VAR-202010-0505 | CVE-2020-25859 | Qualcomm QCMAP In the software suite OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. An OS command injection vulnerability exists in the Qualcomm QCMAP software suite. Information may be obtained or tampered with, and service may be disrupted (DoS). By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands
| VAR-202010-1593 | No CVE | TEWA-600NGM has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
TEWA-600NGM is a telecom optical modem.
TEWA-600NGM has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202012-1284 | CVE-2020-8257 | Windows for Citrix Gateway Plugin management vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, leads to privilege escalation attacks. Citrix Gateway Plug-in for Windows contains a vulnerability related to permission management. Information may be obtained or tampered with, and service may be disrupted (DoS). Citrix Systems Gateway (Citrix Systems NetScaler Gateway) is a set of secure remote access solutions from Citrix Systems. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location
| VAR-202010-1177 | CVE-2020-9113 | HUAWEI Mate 20 Buffer Overflow Vulnerability in Linux |
CVSS V2: 5.4 CVSS V3: 8.0 Severity: HIGH |
HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful pairing, causing buffer overflow. Successful exploit may cause code execution. HUAWEI Mate 20 contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). HUAWEI Mate 20 is a smart phone launched by Huawei. The vulnerability stems from insufficient input validation. An attacker can use this vulnerability to implement code execution through a specially crafted Bluetooth message after successful pairing
| VAR-202010-1030 | CVE-2020-3483 | Duo Network Gateway Inadequate protection of credentials in products |
CVSS V2: 3.3 CVSS V3: 6.3 Severity: MEDIUM |
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG host. Any private keys logged in this way could be viewed by those with access to the DNG host operating system without any need for reversing encrypted values or similar techniques. An attacker that gained access to the DNG logs and with the ability to intercept and manipulate network traffic between a user and the DNG, could decrypt and manipulate SSL/TLS connections to the DNG and to the protected applications behind it. Duo Network Gateway (DNG) versions 1.3.3 through 1.5.7 are affected. Program SSL/TLS connections
| VAR-202010-1176 | CVE-2020-9112 | Taurus-AN00B Vulnerability in privilege management |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to a lack of privilege restrictions on some of the business functions of the device, an attacker could exploit this vulnerability to access protected information, resulting in elevation of privilege. Taurus-AN00B contains a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Huawei Mate 30 (5G) Taurus-AN00B is the official firmware of Huawei Mate 30 (5G)
| VAR-202012-1282 | CVE-2020-8258 | Windows for Citrix Gateway Plugin management vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. Citrix Gateway Plug-in for Windows contains a vulnerability related to permission management. Information may be tampered with. Citrix Systems Gateway (Citrix Systems NetScaler Gateway) is a set of secure remote access solutions from Citrix Systems. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location
| VAR-202010-1183 | CVE-2020-9092 | HUAWEI Mate 20 Injection vulnerability |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass the filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. HUAWEI Mate 20 is vulnerable to injection. Information may be tampered with. Huawei Mate 20 is a smartphone from the Chinese company Huawei
| VAR-202010-1175 | CVE-2020-9111 | E6878-370 and E6878-870 Vulnerability in |
CVSS V2: 2.7 CVSS V3: 4.5 Severity: MEDIUM |
E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events. An attacker could launch the events continually; successful exploit could cause reboot of the process. E6878-370 and E6878-870 contain an unspecified vulnerability. The device may be put into a denial of service (DoS) state. Huawei E6878-370 is a portable 5G router from the Chinese company Huawei. The vulnerability is caused by the system's failure to check when the user processes an event. Attackers can use the vulnerability to cause the process to restart
| VAR-202012-1529 | CVE-2020-25649 | Fasterxml Jackson Code problem vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. The purpose of this text-only
errata is to inform you about the security issues fixed in this release. Solution:
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
5. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20029 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016
JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat
JBEAP-20119 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001
JBEAP-20161 - [GSS](7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final
JBEAP-20222 - Tracker bug for the EAP 7.3.4 release for RHEL-7
JBEAP-20239 - [GSS](7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final
JBEAP-20246 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final
JBEAP-20285 - [GSS](7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final
JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002
JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile
JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007
JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final
7. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. You must be logged in to download the update.
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Data Grid 7.3.8 security update
Advisory ID: RHSA-2020:5410-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5410
Issue date: 2020-12-14
CVE Names: CVE-2020-25644 CVE-2020-25649
====================================================================
1. Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the
Infinispan project.
This release of Red Hat Data Grid 7.3.8 serves as a replacement for Red Hat
Data Grid 7.3.7 and includes bug fixes and enhancements, which are
described in the Release Notes, linked to in the References section of this
erratum.
Security Fix(es):
* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
(CVE-2020-25644)
* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is
vulnerable to XML external entity (XXE) (CVE-2020-25649)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
To install this update, do the following:
1. Download the Data Grid 7.3.8 server patch from the customer portal. See
the download link in the References section.
2. Back up your existing Data Grid installation. You should back up
databases, configuration files, and so on.
3. Install the Data Grid 7.3.8 server patch. Refer to the 7.3 Release Notes
for patching instructions.
4. Restart Data Grid to ensure the changes take effect.
4. Bugs fixed (https://bugzilla.redhat.com/):
1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
5. References:
https://access.redhat.com/security/cve/CVE-2020-25644
https://access.redhat.com/security/cve/CVE-2020-25649
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
| VAR-202010-1014 | CVE-2020-3427 | Windows Logon installer Vulnerability in handling exceptional conditions in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this is only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Version 4.1.2 of Windows Logon addresses this issue. The Windows Logon installer is vulnerable to improper handling of exceptional conditions. Information may be obtained or tampered with, and service may be disrupted (DoS). Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. The Duo Authentication Windows Logon and RDP implementation has a security vulnerability that stems from a privilege escalation vulnerability in the two-factor authentication implemented
| VAR-202010-0862 | CVE-2020-25188 | LCDS Made LAquis SCADA Out-of-bounds read vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. LAquis SCADA is a set of SCADA software for monitoring and data acquisition.
Versions prior to LAquis SCADA 4.3.1.870 have an out-of-bounds read vulnerability
| VAR-202012-0523 | CVE-2020-25153 | Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: High |
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. The NPort IAW5000A-I/O series is industrial equipment provided by Moxa. There are several vulnerabilities in the NPort IAW5000A-I/O series:
* Session fixation (CWE-384) - CVE-2020-25198
* Inappropriate privilege management (CWE-269) - CVE-2020-25194
* Weak password requirements (CWE-521) - CVE-2020-25153
* Sending important information in clear text (CWE-319) - CVE-2020-25190
* Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196
* Information leak (CWE-200) - CVE-2020-25192
The expected impact depends on each vulnerability, but may include the following:
* A remote third party may steal cookies and hijack sessions - CVE-2020-25198
* General users who access the product's web server may perform functions that require administrator privileges - CVE-2020-25194
* User credentials with insufficient password strength can be easily guessed - CVE-2020-25153
* A remote third party may steal external service credentials stored on the web server - CVE-2020-25190
* An attacker may log in to the system via SSH or Telnet by brute force attack - CVE-2020-25196
* A remote third party may steal sensitive information on the web server - CVE-2020-25192
MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has a weak password requirement vulnerability. No vulnerability details are currently provided. A remote attacker could exploit this vulnerability to launch further attacks on the system
| VAR-202012-0501 | CVE-2020-25190 | Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: High |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. The NPort IAW5000A-I/O series is industrial equipment provided by Moxa. There are several vulnerabilities in the NPort IAW5000A-I/O series:
* Session fixation (CWE-384) - CVE-2020-25198
* Inappropriate privilege management (CWE-269) - CVE-2020-25194
* Weak password requirements (CWE-521) - CVE-2020-25153
* Sending important information in clear text (CWE-319) - CVE-2020-25190
* Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196
* Information leak (CWE-200) - CVE-2020-25192
The expected impact depends on each vulnerability, but may include the following:
* A remote third party may steal cookies and hijack sessions - CVE-2020-25198
* General users who access the product's web server may perform functions that require administrator privileges - CVE-2020-25194
* User credentials with insufficient password strength can be easily guessed - CVE-2020-25153
* A remote third party may steal external service credentials stored on the web server - CVE-2020-25190
* An attacker may log in to the system via SSH or Telnet by brute force attack - CVE-2020-25196
* A remote third party may steal sensitive information on the web server - CVE-2020-25192
The firmware of MOXA NPort IAW5000A-I/O Series 2.1 and earlier has a vulnerability in the plaintext transmission of sensitive information. Attackers can use this vulnerability to obtain sensitive information
| VAR-202012-0506 | CVE-2020-25196 | Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: High |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. The NPort IAW5000A-I/O series is industrial equipment provided by Moxa. There are several vulnerabilities in the NPort IAW5000A-I/O series:
* Session fixation (CWE-384) - CVE-2020-25198
* Inappropriate privilege management (CWE-269) - CVE-2020-25194
* Weak password requirements (CWE-521) - CVE-2020-25153
* Sending important information in clear text (CWE-319) - CVE-2020-25190
* Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196
* Information leak (CWE-200) - CVE-2020-25192
The expected impact depends on each vulnerability, but may include the following:
* A remote third party may steal cookies and hijack sessions - CVE-2020-25198
* General users who access the product's web server may perform functions that require administrator privileges - CVE-2020-25194
* User credentials with insufficient password strength can be easily guessed - CVE-2020-25153
* A remote third party may steal external service credentials stored on the web server - CVE-2020-25190
* An attacker may log in to the system via SSH or Telnet by brute force attack - CVE-2020-25196
* A remote third party may steal sensitive information on the web server - CVE-2020-25192
The vulnerability stems from the built-in Web server allowing SSH/Telnet sessions
| VAR-202012-0503 | CVE-2020-25192 | Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: High |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. The NPort IAW5000A-I/O series is industrial equipment provided by Moxa. There are several vulnerabilities in the NPort IAW5000A-I/O series:
* Session fixation (CWE-384) - CVE-2020-25198
* Inappropriate privilege management (CWE-269) - CVE-2020-25194
* Weak password requirements (CWE-521) - CVE-2020-25153
* Sending important information in clear text (CWE-319) - CVE-2020-25190
* Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196
* Information leak (CWE-200) - CVE-2020-25192
The expected impact depends on each vulnerability, but may include the following:
* A remote third party may steal cookies and hijack sessions - CVE-2020-25198
* General users who access the product's web server may perform functions that require administrator privileges - CVE-2020-25194
* User credentials with insufficient password strength can be easily guessed - CVE-2020-25153
* A remote third party may steal external service credentials stored on the web server - CVE-2020-25190
* An attacker may log in to the system via SSH or Telnet by brute force attack - CVE-2020-25196
* A remote third party may steal sensitive information on the web server - CVE-2020-25192
The MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information