Vulnerability Details: CVE-2024-12297
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
Exploit prediction scoring system (EPSS) score for CVE-2024-12297
EPSS score: 0.15% (probability of exploitation activity in the next 30 days)
Percentile: ~37% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2024-12297
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.2 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/V... | N/A | N/A | Moxa Inc. | 2025-01-15 |
CWE ids for CVE-2024-12297
- The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism. Assigned by: psirt@moxa.com (Secondary)
References for CVE-2024-12297
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches (CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability Identified in PT Switches)