Key information

Vulnerability overview
Title: PHOENIX CONTACT FL SWITCH
CVSS v3: 9.8
Alert Code: ICSA-18-011-03

Vulnerability details
ATTENTION: Remotely exploitable/low skill level to exploit.
Vulnerabilities: Improper Authorization, Information Exposure
Vendor: PHOENIX CONTACT
Equipment: FL SWITCH

Impact
Successful exploitation can allow unauthenticated remote attackers to gain administrative privileges and expose information to unauthenticated users.

Mitigation
Upgrade to firmware Version 1.33 or higher. Links provided for various FL SWITCH models.

Vulnerability overview
Improper Authorization (CWE-285)
- CVSS v3 Base Score: 9.8
- Vulnerability allows for bypassing web-service authentication.
- CVE-2017-16743 assigned.

Information Exposure (CWE-200)
- CVSS v3 Base Score: 5.3
- Vulnerability allows reading of diagnostic information in Monitor Mode.
- CVE-2017-16741 assigned.

Researchers
Ilya Karpov and Evgeniy Druzhinin of Positive Technologies discovered the vulnerabilities.

Vendor
PHOENIX CONTACT

Vulnerability defense
Minimize network exposure. Use secure methods for remote access, such as VPNs.