CVE-2023-5035 Vulnerability Details


CVE-2023-5035 Metadata Quick Info

CVE Published: 02/11/2023 | CVE Updated: 05/09/2024 | CVE Year: 2023
Source: Moxa | Vendor: Moxa | Product: PT-G503 Series
Status: PUBLISHED

CVE-2023-5035 Description

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

Metrics

CVSS Version: 3.1 | Base Score: 3.1 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): HIGH
    Privileges Required (PR): NONE
    User Interaction (UI): REQUIRED
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): NONE
    Availability Impact (A): NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-614
CWE Name: CWE-614: Sensitive Cookie in HTTPS Session Without Secure Attribute
Source: Moxa

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-102
CAPEC Description: CAPEC-102: Session Sidejacking


Source: NVD (National Vulnerability Database).