CVE-2023-39983

low-risk
Published 2023-09-02

A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Mxsecurity

Affected Vendors

Moxa

References (2)

Patch https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mx...
Patch https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mx...
27
/ 100
low-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal