Multiple Vulnerabilities in Moxa PT-7528 and PT-7828 Series Ethernet Switches Could Allow for Arbitrary Code Execution

ITS Advisory Number: 2020-028
Date(s) Issued: Thursday, February 27, 2020
Subject: Multiple Vulnerabilities in Moxa PT-7528 and PT-7828 Series Ethernet Switches Could Allow for Arbitrary Code Execution
Overview: 

Multiple vulnerabilities have been discovered in Moxa PT-7528 and PT-7828 Series Ethernet Switches, the most severe of which could allow for arbitrary code execution. Moxa PT-7528 and PT-7828 Series Ethernet Switches are high-performance Layer 3 switches used to route and forward traffic within a network. Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary code in the context of the appliance.


THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected:
  • PT-7528 Series Firmware Version 4.0 or lower
  • PT-7828 Series Firmware Version 3.9 or lower

RISK:
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: Medium
BUSINESS
  • Large and medium business entities: High
  • Small business entities: Medium
Home Users: N/A
Description: 

Multiple vulnerabilities have been discovered in Moxa PT-7528 and PT-7828 Series Ethernet Switches, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

  • Stack-based buffer overflow (CWE-121)
  • Information disclosure due to use of a weak cryptographic algorithm (CWE-327)
  • Information disclosure due to a weak implementation of a cryptographic function (CWE-327)
  • Use of a hard-coded cryptographic key (CWE-321)
  • Use of a hard-coded password that enables access without proper authentication (CWE-321)
  • Weak password requirements that enable credential retrieval via brute force (CWE-521)
  • Information exposure (CWE-200)

Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary code in the context of the appliance.

Actions: 
  • After appropriate testing, immediately apply the stable updates provided by Moxa to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  • Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.