CVE-2023-29116
📋 TL;DR
This vulnerability allows unauthenticated attackers to obtain sensitive information from Waybox Enel X web management applications, including OS version and service configuration details. It affects Waybox 3 devices running vulnerable web management interfaces. This information disclosure could facilitate further attacks against these systems.
💻 Affected Systems
- Waybox 3
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could obtain configuration details that reveal network architecture, authentication mechanisms, or other sensitive information that could be used to launch more severe attacks against the system or connected infrastructure.
Likely Case
Attackers gather system information like OS version and service configurations, which could be used for reconnaissance to identify other vulnerabilities or plan targeted attacks.
If Mitigated
With proper network segmentation and access controls, the impact is limited to information disclosure without enabling further compromise.
🎯 Exploit Status
The vulnerability requires specific conditions but appears to be exploitable without authentication through web requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in bulletin, but security updates are available
Vendor Advisory: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
Restart Required: Yes
Instructions:
1. Download the latest security update from Enel X support portal. 2. Apply the update to affected Waybox 3 devices. 3. Restart the devices to complete the installation.
🔧 Temporary Workarounds
Network Access Restriction
allRestrict access to Waybox web management interface to trusted networks only
Firewall Rules
allImplement firewall rules to block external access to Waybox management ports
🧯 If You Can't Patch
- Isolate Waybox devices on separate network segments with strict access controls
- Implement network monitoring for unusual requests to Waybox management interfaces
🔍 How to Verify
Check if Vulnerable:
Test if unauthenticated requests to Waybox web interface return OS version or configuration details that should not be publicly accessibleCheck Version:
Check device firmware version through web interface or device management consoleVerify Fix Applied:
After applying updates, verify that unauthenticated requests no longer return sensitive system information📡 Detection & Monitoring
Log Indicators:
- Unusual requests to Waybox web management endpoints
- Multiple failed authentication attempts followed by information disclosure requests
Network Indicators:
- Unusual traffic patterns to Waybox management ports from untrusted sources
- HTTP requests to sensitive endpoints without authentication
SIEM Query:
source_ip NOT IN trusted_networks AND dest_port IN (80,443,8080) AND dest_ip IN waybox_devices AND http_path CONTAINS '/management' OR '/config'