Vulnerability Details : CVE-2016-9344
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
Products affected by CVE-2016-9344
- cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9344
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9344
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-9344
-
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9344
-
http://www.securityfocus.com/bid/94783
Multiple Moxa MiiNePort Products Information Disclosure and Security Bypass VulnerabilitiesThird Party Advisory;VDB Entry
-
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01
Moxa MiiNePort Session Hijack Vulnerabilities | CISAThird Party Advisory;US Government Resource
Jump to