mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
238 lines
6.7 KiB
JSON
238 lines
6.7 KiB
JSON
{
|
|
"id": "CVE-2016-5804",
|
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
|
"published": "2016-07-15T16:59:14.347",
|
|
"lastModified": "2021-07-16T15:08:40.830",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Moxa MGate MB3180 en versiones anteriores a 1.8, MGate MB3280 en versiones anteriores a 2.7, MGate MB3480 en versiones anteriores a 2.6, MGate MB3170 en versiones anteriores a 2.5 y MGate MB3270 en versiones anteriores a 2.7 usa encriptaci\u00f3n d\u00e9bil, lo que permite a atacantes remotos eludir autenticaci\u00f3n a trav\u00e9s de una serie de conjeturas de fuerza-bruta para un valor de par\u00e1metro."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-326"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:moxa:mgate_mb3180_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "1.8",
|
|
"matchCriteriaId": "54BDF768-67A6-4FA7-AA9B-7A0787F550D8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:moxa:mgate_mb3180:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EF77C838-FB6C-4A55-B5E5-FA4DDE11F3BA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:moxa:mgate_mb3280_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.7",
|
|
"matchCriteriaId": "ADE291CE-B3AD-446E-9637-E82671D2CEB0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:moxa:mgate_mb3280:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ECB8238C-7B72-4EEB-A656-090B3E8978D4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:moxa:mgate_mb3480_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6",
|
|
"matchCriteriaId": "CDB9FC92-AF70-4113-9310-A7C485A64359"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:moxa:mgate_mb3480:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3BEC8167-9069-4DA5-9281-C43AD60CD675"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:moxa:mgate_mb3170_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.5",
|
|
"matchCriteriaId": "ACCD3F39-7DDF-4783-AB01-438FE0A68F43"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:moxa:mgate_mb3170:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BBCA36D6-849E-4F19-A9B8-3BF9F65BB325"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:moxa:mgate_mb3270_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.7",
|
|
"matchCriteriaId": "B901791F-7BAE-492B-806A-9DC9DB2FF31F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:moxa:mgate_mb3270:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9C8A844A-71EB-4A4F-87BD-AA7962553B99"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/91777",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |