An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00212
Percentile:
0.43939
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
-
CWE-295
: Improper Certificate Validation
All CAPEC(s)
-
CAPEC-459: Creating a Rogue Certification Authority Certificate
-
CAPEC-475: Signature Spoofing by Improper Validation
CAPEC(s) with Mapped TTPs
Mapped ATT&CK TTPs
Affected Products
- cpe:2.3:a:hybridgroup:gobot:*:*:*:*:*:*:*:*
← Back to Home