CVE-2019-5165
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.
Se presenta una vulnerabilidad de omisión de autenticación explotable en el procesamiento del hostname de Moxa AWK-3131A versión de firmware 1.13. Un hostname de dispositivo especialmente configurado puede causar que el dispositivo interprete el tráfico remoto seleccionado como tráfico local, resultando en la omisión de la autenticación web. Un atacante puede enviar peticiones SNMP autenticadas para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-04 CVE Reserved
- 2020-02-25 CVE Published
- 2023-06-30 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2019-0960 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Moxa Search vendor "Moxa" | Awk-3131a Firmware Search vendor "Moxa" for product "Awk-3131a Firmware" | 1.13 Search vendor "Moxa" for product "Awk-3131a Firmware" and version "1.13" | - |
Affected
| in | Moxa Search vendor "Moxa" | Awk-3131a Search vendor "Moxa" for product "Awk-3131a" | - | - |
Safe
|