CVE-2023-33236

9.8 CRITICAL

📋 TL;DR

MXsecurity version 1.0 contains hardcoded credentials that allow attackers to craft arbitrary JWT tokens and bypass authentication for web-based APIs. This affects all users running MXsecurity 1.0, enabling unauthorized access to sensitive systems and data.

💻 Affected Systems

Products:
  • MXsecurity
Versions: Version 1.0
Operating Systems: Not specified, likely embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of MXsecurity 1.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, access all data, and pivot to other network systems.

🟠 Likely Case

Unauthorized access to sensitive APIs, data exfiltration, and potential privilege escalation within the affected system.

🟢 If Mitigated

Limited impact if the system is isolated, monitored, and access controls prevent lateral movement.

🌐 Internet-Facing: HIGH - Web-based APIs accessible from internet can be directly exploited without authentication.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can exploit this to bypass authentication controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of the hardcoded credentials but no prior authentication to initiate the attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.1 or later

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities

Restart Required: Yes

Instructions:

1. Download MXsecurity version 1.1 or later from the Moxa support portal.
2. Back up the current configuration.
3. Install the updated firmware.
4. Restart the device.
5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate MXsecurity devices from the internet and restrict network access to trusted IPs only.

API Access Restriction (applies to: all)

Implement firewall rules to block external access to the web-based APIs.

🧯 If You Can't Patch

  • Immediately isolate affected systems from internet and untrusted networks
  • Implement strict network monitoring for unusual API authentication patterns

🔍 How to Verify

Check if Vulnerable:

Check the device version via the web interface or CLI. If the version is 1.0, the system is vulnerable.

Check Version:

Check the System Information page of the web interface or use the device-specific CLI command.

Verify Fix Applied:

Verify the version is 1.1 or later and test authentication with invalid credentials to ensure they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful API access
  • Unusual JWT token generation patterns
  • API access from unexpected IP addresses

Network Indicators:

  • Unencrypted JWT tokens in network traffic
  • API requests without proper authentication headers
  • Traffic to MXsecurity web interfaces from unauthorized sources

SIEM Query:

source="mxsecurity" AND ((event_type="authentication" AND result="success" AND user="unknown") OR (http_method="POST" AND uri="/api/*" AND NOT authorization="Bearer *"))
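As an added example (not from the advisory or from Moxa), the two conditions of the SIEM query above implemented in Python over constructed sample events, plus an inspection of the claims carried by any Bearer JWT in the event. The field names follow the query; the sample events, the placeholder token signature and the missing-`exp` heuristic are assumptions of this example.

```python
import base64
import fnmatch
import json

def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sample_token(payload):
    # Constructed token for the sample log; the signature segment is a placeholder.
    return "Bearer " + _b64url({"alg": "HS256", "typ": "JWT"}) + "." + _b64url(payload) + ".sig"
# Constructed sample events using the field names from the SIEM query; not real MXsecurity logs.
SAMPLE_EVENTS = [
    {"source": "mxsecurity", "event_type": "authentication", "result": "success", "user": "admin",
     "http_method": "GET", "uri": "/api/status", "authorization": _sample_token({"sub": "admin", "exp": 1700000000})},
    {"source": "mxsecurity", "event_type": "authentication", "result": "success", "user": "unknown",
     "http_method": "POST", "uri": "/api/config", "authorization": _sample_token({"sub": "root"})},
    {"source": "mxsecurity", "event_type": "request", "result": "success", "user": "admin",
     "http_method": "POST", "uri": "/api/users", "authorization": ""},
    {"source": "otherdevice", "event_type": "authentication", "result": "success", "user": "unknown",
     "http_method": "POST", "uri": "/api/x", "authorization": ""},
]

def jwt_claims(authz):
    """Decode the payload of a Bearer JWT for inspection only; the signature is not checked."""
    parts = authz[7:].split(".") if authz.startswith("Bearer ") else []
    if len(parts) != 3:
        return None
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        return json.loads(base64.urlsafe_b64decode(seg))
    except ValueError:
        return None

def flag_events(events):
    """Return (index, reason) pairs: both SIEM conditions plus an assumed missing-exp heuristic."""
    hits = []
    for i, e in enumerate(events):
        if e.get("source") != "mxsecurity":
            continue  # the query is scoped to source="mxsecurity"
        authz = e.get("authorization", "")
        if e.get("event_type") == "authentication" and e.get("result") == "success" and e.get("user") == "unknown":
            hits.append((i, "successful authentication for unknown user"))
        if e.get("http_method") == "POST" and fnmatch.fnmatch(e.get("uri", ""), "/api/*") and not authz.startswith("Bearer "):
            hits.append((i, "POST to API without Bearer token"))
        claims = jwt_claims(authz)
        if claims is not None and "exp" not in claims:  # heuristic assumed here, not from the advisory
            hits.append((i, "Bearer token without exp claim"))
    return hits
```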
