Cookie Without Secure Flag

CVE-2023-5035

3.1LOW

Key Information

Vendor: Moxa
Status: Pt-g503 Series
Vendor: CVE Published:; 2 November 2023

Summary

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

Affected Version(s)

PT-G503 Series <= 5.2

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 5.3 to: 3.1 - (LOW)
Sep 5, 2024
Vulnerability published.
Nov 2, 2023
Vulnerability Reserved.
Sep 18, 2023

Collectors

NVD DatabaseMitre Database