Moxa NPort 5232-N Serial-to-Ethernet Device (All Versions) Web Console Authentication Bypass
Critical Nessus Network Monitor Plugin ID 9576
SynopsisThe detected Moxa NPort 5232-N device may be vulnerable to an Authentication Bypass attack vector.
DescriptionAll versions of Moxa NPort 5232-N Serial-to-Ethernet Device are affected by a flaw that is due to the program exposing UserId information in cookie parameters. This may allow a remote attacker to bypass authentication, and consequently modify settings and data. (CVE-2016-4503)
SolutionThe vendor discontinued this product in 2012, and it is no longer supported. No patch or upgrade is available to address the issue. If this product is still in use, it is recommended to replace it with a similar product that is still supported. If replacement is not an option, ensure that access to the product is restricted, both physically and virtually, to authorized users only.