CVE-2017-20235

Summary

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.

Affected Software

VendorProductVersion RangeStatus
ProSoft TechnologyICX35-HWC Cellular Gateway0 <= 1.3affected

Weaknesses

  • CWE-287: Improper Authentication (CWE-287)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References