
Moxa has issued a security advisory highlighting critical authorization vulnerabilities in several switch models, tracked as CVE-2024-12297, with a CVSS score of 9.2. Review the details of this Cybersecurity Threat Advisory to understand how to mitigate the impact of authentication bypass.

What is the threat?

Authentication bypass stems from underlying flaws in the software code, which can be uncovered through reverse engineering or by exploiting vulnerabilities. These flaws are weaknesses in the protocols running on an application and ultimately allow attackers to bypass the authentication process.

Why is it noteworthy?

In this case, the attack targets the authorization mechanism responsible for validating session IDs and cryptographic hashes. Exploiting this flaw enables attackers to brute-force credentials, access sensitive device data, or forge authentication tokens to gain privileged access. Any account restrictions, such as multi-factor authentication, can be bypassed. Once the attacker controls the network switch, further attacks on connected systems can be initiated.

What is the exposure or risk?

The firmware versions affected by these flaws include:

  • PT-508 Series, PT-510 Series (Firmware version 3.8 and earlier)
  • PT-7528 Series (Firmware version 5.0 and earlier)
  • PT-7728 Series (Firmware version 3.9 and earlier)
  • PT-7828 Series (Firmware version 4.0 and earlier)
  • PT-G503 Series (Firmware version 5.3 and earlier)
  • PT-G510 Series, PT-G7828 Series, PT-G7728 Series (Firmware version 6.5 and earlier)
  • PT-G510 Series (Firmware version 6.5 and earlier)
  • PT-G7728 Series (Firmware version 6.5 and earlier)
  • PT-G7828 Series (Firmware version 6.5 and earlier)
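
A device inventory can be checked against the list above with a short script. The following is an added example, not part of Moxa's or Barracuda's advisory; the CSV columns, host names and model variant suffixes are constructed, and it assumes dotted numeric firmware versions and model strings that begin with the series name.

```python
import csv, io, re
# Series -> highest affected firmware version, taken from the list above.
AFFECTED = {"PT-508": "3.8", "PT-510": "3.8", "PT-7528": "5.0", "PT-7728": "3.9",
            "PT-7828": "4.0", "PT-G503": "5.3", "PT-G510": "6.5",
            "PT-G7728": "6.5", "PT-G7828": "6.5"}

def parse_version(text):
    """'v3.8' -> (3, 8); trailing zeros dropped so 6.5.0 == 6.5. None if unreadable."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if not match:
        return None
    parts = [int(p) for p in match.group().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def series_of(model):
    """Map a model string to a listed series, or None when it is not listed."""
    model = model.strip().upper()
    for series in AFFECTED:
        # Exact name or name plus "-variant": PT-510 != PT-5100, PT-7828 != PT-G7828.
        if model == series or model.startswith(series + "-"):
            return series
    return None

def status(model, firmware):
    """Return 'affected', 'not-affected', 'unknown' or 'not-listed'."""
    series = series_of(model)
    if series is None:
        return "not-listed"
    have = parse_version(firmware)
    if have is None:
        return "unknown"  # unreadable version: check the device by hand
    return "affected" if have <= parse_version(AFFECTED[series]) else "not-affected"

def audit(inventory_csv):
    """Return (host, model, firmware, status) for each row of a CSV inventory."""
    return [(r["host"], r["model"], r["firmware"], status(r["model"], r["firmware"]))
            for r in csv.DictReader(io.StringIO(inventory_csv))]

# Constructed sample inventory; hosts and variant suffixes are made up.
SAMPLE = """host,model,firmware
sub1-sw01,PT-7528-A,v5.0
sub2-sw01,PT-G7828,6.5.0
sub3-sw01,PT-508-C,3.10
sub3-sw02,PT-G503,n/a
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Versions are compared numerically, so 3.10 is treated as newer than 3.8, and rows reported as unknown need a manual check rather than being assumed patched.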

What are the recommendations?

Barracuda recommends the following actions to limit the impact of authentication bypass attacks:

  • Keep network devices up to date.
  • Ensure that only remote workers are allowed access to the required subnets.
  • Disable default admin accounts if not needed.
  • Restrict access to sensitive login portals from the WAN.
  • Review network access privileges and ensure multi-factor authentication (MFA) is enabled for all accounts on network devices managed remotely via VPN.

Reference

For more in-depth information about the recommendations, please visit the following link:

 

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.



Posted by Owen Kenny

Owen is a Cybersecurity Analyst at Barracuda. He's a security expert, working on our Blue Team within our Security Operations Center. Owen supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
