- What is the severity of CVE-2024-37183?
- CVE-2024-37183 has been scored as a medium severity vulnerability.
- How to fix CVE-2024-37183?
- As a workaround for remediating CVE-2024-37183: Westermo advises users to disable HTTP access to the WebGUI and instead use HTTPS instead. This change will secure the credentials and session IDs, effectively nullifying the exploits described. To mitigate the risk of a denial-of-service attack through continuous login attempts, Westermo recommends disabling access to the device's WebGUI on external communication interfaces. For devices in production environments, disabling the WebGUI is suggested if possible. Westermo suggests limiting access to the device's CLI on external communication interfaces to prevent SSH DOS attacks through repeated login attempts. Westermo will keep users updated on any further enhancements.
- Is CVE-2024-37183 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2024-37183 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2024-37183?
- CVE-2024-37183 affects Westermo L210-F2G Lynx.