PT-G503 Series Multiple Vulnerabilities

PT-G503 Series firmware version v5.2 and prior are affected by multiple vulnerabilities caused by an outdated version of jQuery, weak cipher suites, and insecure web cookies whose session cookie attributes are not set properly. These vulnerabilities could put your security at risk in many ways, such as Cross-site Scripting (XSS) attacks, prototype pollution, data leaks, unauthorized access to user sessions, etc.

The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) (CWE-79); CVE-2015-9251, CVE-2020-11022, CVE-2020-11023 (jQuery) | An attacker located remotely can insert HTML or JavaScript into the system via a web interface. |
| 2 | Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) (CWE-1321); CVE-2019-11358 (jQuery) | An attacker can inject attributes that are used in other components. |
| 3 | Inadequate Encryption Strength (CWE-326); CVE-2005-4900 (cipher) | An attacker may be able to decrypt the data using spoofing attacks. |
| 4 | Sensitive Cookie Without ‘HttpOnly’ Flag (CWE-1004); CVE-2023-4217 (Cookie) | This vulnerability could cause security risks and allow unauthorized access to user session data. |
| 5 | Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute (CWE-614); CVE-2023-5035 (Cookie) | This vulnerability could cause the cookie to be transmitted in plaintext over an HTTP session. |
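
Items 4 and 5 can be checked from the `Set-Cookie` headers a web interface returns. The following is an added example, not code from the vendor or this advisory: it audits session cookies for the missing `HttpOnly` and `Secure` attributes. The header values and cookie names are constructed sample data, not captured from a PT-G503 device.

```python
# Added example: audit Set-Cookie values for the attributes named in items 4 and 5.
# All cookie names and header values below are hypothetical, constructed samples.

FINDINGS = {
    "httponly": "CWE-1004: sensitive cookie without 'HttpOnly' flag",
    "secure": "CWE-614: sensitive cookie in HTTPS session without 'Secure' attribute",
}


def parse_set_cookie(header_value):
    """Return (cookie_name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first part is name=value; the value itself may contain '='.
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; flag attributes carry no "=value".
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(set_cookie_values, session_names):
    """Map each session cookie name to the findings for its missing attributes."""
    report = {}
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if name not in session_names:
            continue  # only cookies that carry session state are in scope
        report[name] = [msg for attr, msg in FINDINGS.items() if attr not in attrs]
    return report


# Constructed Set-Cookie values (hypothetical cookie names).
SAMPLE_HEADERS = [
    "sessionid=a1b2c3; Path=/",
    "sid_fixed=d4e5f6; Path=/; Secure; HttpOnly; SameSite=Strict",
    "sid_partial=0a1b2c; path=/; httponly",
    "lang=en; Path=/",
]

if __name__ == "__main__":
    sessions = {"sessionid", "sid_fixed", "sid_partial"}
    for cookie, issues in audit_cookies(SAMPLE_HEADERS, sessions).items():
        print(cookie, "->", issues or "OK")
```
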

Vulnerability Scoring Details

| ID | CVSS V3.1 | VECTOR | REMOTE EXPLOIT WITHOUT AUTH? |
|---|---|---|---|
| CVE-2005-4900 | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | Yes |
| CVE-2015-9251 | 6.1 | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Yes |
| CVE-2019-11358 | 6.1 | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Yes |
| CVE-2020-11022 | 6.9 | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N | Yes |
| CVE-2020-11023 | 6.9 | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N | Yes |
| CVE-2023-4217 | 3.1 | AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N | Yes |
| CVE-2023-5035 | 3.1 | AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N | Yes |
