Moxa MXsecurity Series Hard-coded JWT Key Authentication Bypass (CVE-2023-33236)

Main / Moxa MXsecurity Series Hard-coded JWT Key Authentication Bypass (CVE-2023-33236)

Discription

The Moxa MXsecurity Series running on the remote host uses a hard-coded JWT key. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass authentication to perform otherwise restricted operations.Read More

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33236 https://www.cisa.gov/news-events/ics-advisories/icsa-23-145-01 http://www.nessus.org/u?4f82dc80

Back to Main

Subscribe for the latest news: