- What is the severity of CVE-2024-32943?
- CVE-2024-32943 has been scored as a high severity vulnerability.
- How to fix CVE-2024-32943?
- As a workaround for remediating CVE-2024-32943: Westermo advises users to disable HTTP access to the WebGUI and instead use HTTPS instead. This change will secure the credentials and session IDs, effectively nullifying the exploits described. To mitigate the risk of a denial-of-service attack through continuous login attempts, Westermo recommends disabling access to the device's WebGUI on external communication interfaces. For devices in production environments, disabling the WebGUI is suggested if possible. Westermo suggests limiting access to the device's CLI on external communication interfaces to prevent SSH DOS attacks through repeated login attempts. Westermo will keep users updated on any further enhancements.
- Is CVE-2024-32943 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2024-32943 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2024-32943?
- CVE-2024-32943 affects Westermo L210-F2G Lynx.