CVE-2023-39982

MEDIUM Year: 2023
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-321
View all →

Vulnerability Description

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.

Related Vulnerabilities

CVE-2018-3825

MEDIUM
CVSS:5.9(Medium)

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, ...

CWE-3212018

CVE-2020-28391

MEDIUM
CVSS:5.9(Medium)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5....

CWE-3212020

CVE-2020-28395

MEDIUM
CVSS:5.9(Medium)

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do no...

CWE-3212020

CVE-2024-1258

MEDIUM
CVSS:5.9(Medium)

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the compo...

CWE-3212024

CVE-2024-38314

MEDIUM
CVSS:5.9(Medium)

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

CWE-3212024

CVE-2024-47256

MEDIUM
CVSS:6.0(Medium)

Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data wit...

CWE-3212024