
SUMMARY

Multiple Moxa Product Series Affected by CVE-2024-6387

  • Security Advisory ID: MPSA-246387
  • Version: V1.5
  • Release Date: Aug 02, 2024
  • Reference: CVE-2024-6387 (NVD)

Multiple Moxa products are affected by CVE-2024-6387, a vulnerability in OpenSSH. CVE-2024-6387 is a remote, unauthenticated code execution vulnerability caused by a race condition in the OpenSSH server (sshd). The issue arises when a client fails to authenticate within the LoginGraceTime period (120 seconds by default, or 600 seconds in older OpenSSH versions): sshd's SIGALRM signal handler is then invoked asynchronously, and this handler calls several functions that are not safe to use in an asynchronous signal context, such as syslog().
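The advisory's description of the defect, a SIGALRM handler that calls non-async-signal-safe functions, maps to a well-known hardening rule: a signal handler may only set a flag (or call _exit()), and any logging happens afterwards in ordinary program context. The program below is an added illustration of that safe pattern and is not code from Moxa or from OpenSSH; wait_for_auth() is a hypothetical stand-in for the pre-authentication wait, and the one-second grace period is a constructed value.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Set only from the signal handler. Reads and writes of a volatile
 * sig_atomic_t are async-signal-safe; nothing else in the handler should be. */
static volatile sig_atomic_t grace_expired = 0;

/* SIGALRM handler for the login-grace timer. It records the event and
 * returns. No syslog(), no malloc(), no free(): those are not
 * async-signal-safe, and calling them from a handler is the pattern
 * behind CVE-2024-6387. */
static void grace_alarm_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Installs the handler without SA_RESTART so blocking calls return when the
 * alarm fires. Returns 0 on success, -1 on failure (errno set by sigaction). */
int install_grace_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = grace_alarm_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    return sigaction(SIGALRM, &sa, NULL);
}

/* Simulated pre-authentication wait (hypothetical helper, not OpenSSH's).
 * client_authenticates != 0 models a client that completes authentication
 * before the timer fires. Returns 1 if the grace period expired, 0 if
 * authentication completed in time, -1 on setup error. */
int wait_for_auth(unsigned grace_seconds, int client_authenticates)
{
    sigset_t block, old;

    grace_expired = 0;
    if (install_grace_handler() != 0)
        return -1;
    alarm(grace_seconds);

    if (client_authenticates) {
        alarm(0);            /* authenticated in time: cancel the timer */
        return 0;
    }

    /* Block SIGALRM while testing the flag and wait with sigsuspend(), so the
     * test-then-wait is atomic. A plain pause() would have its own race if
     * the alarm fired between the test and the wait. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &old);
    while (!grace_expired)
        sigsuspend(&old);    /* atomically unblocks SIGALRM and waits */
    sigprocmask(SIG_SETMASK, &old, NULL);

    /* Ordinary program context again: logging is safe here because no
     * signal handler is executing. */
    fprintf(stderr, "Timeout before authentication after %u seconds\n",
            grace_seconds);
    return 1;
}

int main(void)
{
    printf("unauthenticated client: grace expired = %d\n", wait_for_auth(1, 0));
    printf("authenticating client:  grace expired = %d\n", wait_for_auth(5, 1));
    return 0;
}
```

The handler body is the whole point: everything that needs heap, locks or stdio (syslog() included) runs only after sigsuspend() returns, in normal control flow.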


The identified vulnerability types and potential impacts are listed below:

Item  Vulnerability Type                                        Impact
1     Signal Handler Race Condition (CWE-364), CVE-2024-6387    This vulnerability allows attackers to execute arbitrary code with root privileges on vulnerable systems without authentication.

Vulnerability Scoring Details

ID             CVSS  Vector                               Unauthenticated Remote Exploit
CVE-2024-6387  8.8   AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H  Yes
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are listed below.

Product Series             Affected Versions
EDR-8010 Series            Firmware version 3.6 and earlier versions
EDR-G9010 Series           Firmware version 3.6 and earlier versions
OnCell G4302-LTE4 Series   Firmware version 3.9 and earlier versions
AWK-3251A-RCC Series       Firmware version 1.0
EDR-810 Series             Firmware version 5.12 and earlier versions
AWK-1151C Series           Firmware version 3.2 and earlier versions
AWK-1161A Series           Firmware version 1.0
AWK-1161C Series           Firmware version 1.0
AWK-1165A Series           Firmware version 1.0
AWK-1165C Series           Firmware version 1.0
AWK-3252A Series           Firmware version 3.2 and earlier versions
AWK-4252A Series           Firmware version 3.2 and earlier versions
MXsecurity Series          Firmware version 2.1.0 and earlier versions
TN-4900 Series             Firmware version 3.6 and earlier versions
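When triaging an inventory of devices, the first question is usually which SSH banners fall inside the upstream affected range. The helper below is an added example, not Moxa's or OpenSSH's code: it parses an already-captured banner string and classifies it against the upstream ranges published with the CVE (releases before 4.4p1, and 8.5p1 up to but not including 9.8p1), which are taken from the public disclosure rather than from this advisory. The sample banners are constructed. One caveat matters for these products: a vendor or distribution that backports the fix usually leaves the version string unchanged, so a banner in range is only a prompt to check the firmware version against the table above, and the firmware table, not the banner, is what decides whether a device is affected.

```c
#include <stdio.h>
#include <string.h>

/* Extracts major.minor from the "OpenSSH_X.Y[pZ]" token of an SSH banner.
 * Returns 0 on success, -1 if the banner is not an OpenSSH banner. */
int parse_openssh_version(const char *banner, unsigned *major, unsigned *minor)
{
    const char *p = strstr(banner, "OpenSSH_");
    if (p == NULL)
        return -1;
    p += strlen("OpenSSH_");
    if (sscanf(p, "%u.%u", major, minor) != 2)
        return -1;
    return 0;
}

/* Upstream affected ranges for CVE-2024-6387 (from the public disclosure,
 * not from the Moxa advisory): before 4.4p1, and 8.5p1 up to but not
 * including 9.8p1. Returns 1 if major.minor lies inside a range, else 0. */
int openssh_version_in_affected_range(unsigned major, unsigned minor)
{
    unsigned v = major * 100 + minor;   /* 9.6 -> 906, 8.5 -> 805 */
    if (v < 404)
        return 1;
    if (v >= 805 && v < 908)
        return 1;
    return 0;
}

/* Triage verdict for one banner: 1 = version in an affected range (verify the
 * firmware version against the vendor table), 0 = outside the range,
 * -1 = not recognisably OpenSSH (check the product manually). */
int banner_needs_attention(const char *banner)
{
    unsigned major, minor;
    if (parse_openssh_version(banner, &major, &minor) != 0)
        return -1;
    return openssh_version_in_affected_range(major, minor);
}

int main(void)
{
    /* Constructed sample banners, not captured from real devices. */
    const char *samples[] = {
        "SSH-2.0-OpenSSH_9.6p1",
        "SSH-2.0-OpenSSH_9.8p1",
        "SSH-2.0-OpenSSH_7.4",
        "SSH-2.0-OpenSSH_4.3p2",
        "SSH-2.0-dropbear_2020.81",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> %d\n", samples[i], banner_needs_attention(samples[i]));
    return 0;
}
```

A verdict of 1 means "compare the firmware version with the affected-versions table and apply the listed solution", and a verdict of -1 (a non-OpenSSH banner) means the device is outside this check entirely and needs a product-level answer.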

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerability. The solutions for the affected products are listed below.

Product Series             Solutions
EDR-8010 Series            Upgrade to firmware version 3.12
EDR-G9010 Series           Upgrade to firmware version 3.12
OnCell G4302-LTE4 Series   Upgrade to firmware version 3.13
AWK-3251A-RCC Series       Please contact Moxa Technical Support for the security patch
EDR-810 Series             Upgrade to firmware version 5.12.33
AWK-1151C Series           Please contact Moxa Technical Support for the security patch
AWK-1161A Series           Please contact Moxa Technical Support for the security patch
AWK-1161C Series           Please contact Moxa Technical Support for the security patch
AWK-1165A Series           Please contact Moxa Technical Support for the security patch
AWK-1165C Series           Please contact Moxa Technical Support for the security patch
AWK-3252A Series           Please contact Moxa Technical Support for the security patch
AWK-4252A Series           Please contact Moxa Technical Support for the security patch
MXsecurity Series          Upgrade to firmware version 2.2.0 via the Moxa Software Licensing Portal
TN-4900 Series             Upgrade to firmware version 3.13

 

Mitigation:

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
  • Implement an intrusion detection system (IDS) or intrusion prevention system (IPS) to detect and prevent exploitation attempts. These systems provide an additional layer of defense by monitoring network traffic for signs of attacks.

 

Revision History:

VERSION  DESCRIPTION                                                                                                                                   RELEASE DATE
1.0      First Release                                                                                                                                 August 2, 2024
1.1      Updated the solutions for the affected product, OnCell G4302-LTE4 Series.                                                                    August 9, 2024
1.2      Updated the affected products and solutions, AWK-3251A-RCC Series.                                                                           August 23, 2024
1.3      Updated the affected products and solutions, EDR-810 Series.                                                                                 September 10, 2024
1.4      Updated the affected products and solutions, AWK-1151C Series, AWK-1161A Series, AWK-1161C Series, AWK-1165A Series, AWK-1165C Series, AWK-3252A Series, and AWK-4252A Series.  September 18, 2024
1.5      Updated the affected products and solutions, MXsecurity, TN-4900, and OnCell G4302-LTE4 Series.                                              October 11, 2024

Relevant Products

AWK-1151C Series · AWK-1161A Series · AWK-1161C Series · AWK-1165A Series · AWK-1165C Series · AWK-3251A-RCC Series · AWK-3252A Series · AWK-4252A Series · EDR-8010 Series · EDR-810 Series · EDR-G9010 Series · MXsecurity Series · OnCell G4302-LTE4 Series · TN-4900 Series
