CVE-2016-9344
Summary
| CVE | CVE-2016-9344 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-02-13 21:59:00 UTC |
| Updated | 2017-02-23 19:25:00 UTC |
| Description | An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Moxa | Miineport E1 | - | All | All | All |
| Hardware | Moxa | Miineport E1 | - | All | All | All |
| Operating System | Moxa | Miineport E1 Firmware | All | All | All | All |
| Hardware | Moxa | Miineport E2 | - | All | All | All |
| Hardware | Moxa | Miineport E2 | - | All | All | All |
| Operating System | Moxa | Miineport E2 Firmware | All | All | All | All |
| Hardware | Moxa | Miineport E3 | - | All | All | All |
| Hardware | Moxa | Miineport E3 | - | All | All | All |
| Operating System | Moxa | Miineport E3 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Moxa MiiNePort Session Hijack Vulnerabilities | ICS-CERT | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| Multiple Moxa MiiNePort Products Information Disclosure and Security Bypass Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.