Moxa, a Taiwanese technology company, has released a crucial security update aimed at resolving an authentication bypass vulnerability that affects its PT series switches. This flaw allows malicious actors to circumvent authentication, posing significant risks to network security.
The vulnerability is identified as CVE-2024-12297, and it has received a critical CVSS v4 score of 9.2, highlighting the severe implications of this issue. In a recent advisory, Moxa outlined the nature of the vulnerability, indicating that numerous PT switches are impacted due to weaknesses in their authorization processes.
Although the devices implement client-side and back-end server verification, attackers may exploit weaknesses in how that verification is carried out, using brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes. Such breaches can compromise device security significantly.
Exploitation of this vulnerability enables unauthorized access to sensitive configurations or the potential disruption of services, which could have far-reaching ramifications for enterprises relying on these devices for network operations.
The flaw affects several PT switch models, notably the PT-508, PT-510, PT-7528, PT-7728, PT-7828, PT-G503, PT-G510, PT-G7728, and PT-G7828 series, with various firmware versions being susceptible. Organizations utilizing these affected products are urged to take action, as failure to apply the latest patches could leave their systems vulnerable.
Patches are available through Moxa’s technical support team. The company has acknowledged security researcher Artem Turyshev from Rosatom Automated Control Systems for reporting the vulnerability.
In addition to applying the patches, recommended mitigations include restricting network access through firewalls and access control lists, enforcing network segmentation, minimizing exposure to the internet, using multi-factor authentication for critical systems, and closely monitoring network traffic for unusual activity.
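As a starting point for the patching and segmentation steps above, the following added example (not from Moxa or the original article) triages an asset inventory against the affected series named in this article and flags devices whose management address sits outside an approved management subnet. The inventory records, device names, and subnet are constructed sample data, and the firmware version still has to be checked against Moxa's advisory, since this article does not list affected versions.

```python
import ipaddress

# Series named in this article as affected by CVE-2024-12297.
AFFECTED_SERIES = ("PT-508", "PT-510", "PT-7528", "PT-7728", "PT-7828",
                   "PT-G503", "PT-G510", "PT-G7728", "PT-G7828")

def affected_series(model):
    """Return the affected series a model string belongs to, or None."""
    m = model.strip().upper()
    for series in AFFECTED_SERIES:
        # Match a whole series token, so a longer number such as
        # "PT-5100" is not mistaken for the "PT-510" series.
        if m == series or m.startswith(series + "-"):
            return series
    return None

def triage(inventory, mgmt_nets):
    """List affected-series devices and whether each management IP
    lies inside one of the approved management subnets."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for dev in inventory:
        series = affected_series(dev["model"])
        if series is None:
            continue
        ip = ipaddress.ip_address(dev["mgmt_ip"])
        findings.append({
            "name": dev["name"],
            "series": series,
            "segmented": any(ip in n for n in nets),
        })
    return findings

# Constructed sample inventory; names, model suffixes and addresses are made up.
INVENTORY = [
    {"name": "sub1-sw01", "model": "PT-7528-24TX-HV", "mgmt_ip": "10.20.0.11"},
    {"name": "sub1-sw02", "model": "pt-g7728", "mgmt_ip": "192.168.5.40"},
    {"name": "office-sw", "model": "PT-5100-X", "mgmt_ip": "10.20.0.12"},  # made-up string, not an affected series
    {"name": "sub2-sw01", "model": "PT-G510-4GSFP", "mgmt_ip": "10.20.1.7"},
]
MGMT_NETS = ["10.20.0.0/24"]  # assumed approved management subnet

if __name__ == "__main__":
    for f in triage(INVENTORY, MGMT_NETS):
        note = "in management subnet" if f["segmented"] else "OUTSIDE management subnet"
        print(f"{f['name']}: {f['series']} series, {note}; verify firmware and patch")
```

Devices reported as outside the management subnet are the first candidates for firewall or ACL restrictions while patches are being obtained.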
This vulnerability comes on the heels of previous issues reported by Moxa, including two significant vulnerabilities affecting cellular routers and network security appliances, which could allow privilege escalation and command execution. The company has continuously been working to fortify its products against emerging threats.
In the context of the MITRE ATT&CK framework, this vulnerability aligns with tactics such as initial access and privilege escalation, highlighting the need for organizations to sharpen their security postures in light of evolving adversary techniques. Business owners must be vigilant in safeguarding their networks against such vulnerabilities to maintain the integrity and availability of their operations.