Vulnerability Description
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prosoft-Technology | Icx35-Hwc Firmware | < 1.3 |
| Prosoft-Technology | Icx35-Hwc | - |
Related Weaknesses (CWE)
References
- https://assets.belden.com/m/1281cac2c9e90abf/original/Security-Bulletin-AuthentiVendor Advisory
- https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-authenticationThird Party Advisory
FAQ
What is CVE-2017-20235?
CVE-2017-20235 is a vulnerability with a CVSS score of 9.1 (CRITICAL). ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to ad...
How severe is CVE-2017-20235?
CVE-2017-20235 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-20235?
Check the references section above for vendor advisories and patch information. Affected products include: Prosoft-Technology Icx35-Hwc Firmware, Prosoft-Technology Icx35-Hwc.