The following two vulnerabilities affect the NPort 6000 Series and Windows driver manager. An attacker may perform a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager.
CVE-2022-43993
The Windows driver manager software does not perform any certificate verification.
CVE-2022-43994
There is no client certificate verification/authentication performed on the secure connection.
The identified vulnerability types and potential impacts are shown below:
Item |
Vulnerability Type |
Impact |
1 |
Improper Certificate Validation (CWE-295)
CVE-2022-43993
|
The Windows driver manager software does not perform any certificate verification. An attacker may execute a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager. |
2 |
Improper Certificate Validation (CWE-295)
CVE-2022-43994
|
There is no client certificate verification/authentication performed on the secure connection. An attacker may perform a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager. |