Beware! Critical Flaw Found in Dover Fueling Solutions MAGLINK LX Web Console

CVE: CVE-2023-36497
CVSS (v3.1): 8.8
Source: CVE-2023-36497

The Dover Fueling Solutions MAGLINK LX Web Console, used to remotely manage fuel dispensers and payment terminals, contains a privilege escalation vulnerability that could allow a low privileged guest user to gain admin access.

With versions 2.5.1 through 3.3 affected, this critical flaw has been assigned the identifier CVE-2023-36497 and carries a CVSS score of 8.8, meaning it is relatively easy to exploit and can result in complete system compromise.

By taking advantage of insufficient access controls, a malicious actor with only guest credentials could potentially elevate their privileges to administrator level through simple manipulation of requests to the web console interface. With administrator access, they would have full control over all payment and fueling station functions.

To protect themselves, owners and operators of MAGLINK LX systems should immediately apply the latest software updates provided by Dover Fueling Solutions to patch this vulnerability. Version 3.4 is confirmed to have remediated the issue. Regular password changes and two-factor authentication can also make exploitation more difficult.

Until an update is installed, monitor guest user activities closely for any anomalous behavior. Given the high impact of a breach, prioritizing an update is strongly recommended to prevent potential financial losses or disruption of fueling operations.
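
One way to carry out the interim monitoring described above, as an added example that is not from Dover Fueling Solutions or the original advisory. It assumes request logs are available as comma-separated lines (timestamp, account, method, path, status); the log format, the guest account name and the admin-only path prefixes are all hypothetical and must be replaced with values from your own deployment.

```python
import csv
import io
from collections import defaultdict

# Hypothetical values: set these from your own console's role list and URL layout.
GUEST_ACCOUNTS = {"guest"}
ADMIN_PREFIXES = ("/admin/", "/users/", "/config/")
DENIED_THRESHOLD = 3  # denied admin requests per account before flagging

# Constructed sample log (timestamp, account, method, path, status); not real product output.
SAMPLE_LOG = """\
2023-10-02T08:00:01Z,guest,GET,/status/tanks,200
2023-10-02T08:00:09Z,guest,GET,/admin/users,403
2023-10-02T08:00:11Z,guest,GET,/admin/users,403
2023-10-02T08:00:12Z,guest,POST,/users/edit,403
2023-10-02T08:00:15Z,guest,POST,/users/edit,200
2023-10-02T08:01:40Z,admin,GET,/config/network,200
2023-10-02T08:02:00Z,guest,GET,/status/pumps,200
"""

def is_admin_path(path):
    # Normalise case and strip the query string before matching prefixes.
    return path.split("?", 1)[0].lower().startswith(ADMIN_PREFIXES)

def find_guest_anomalies(log_text):
    """Return (alerts, denied_counts) for guest accounts touching admin-only paths."""
    alerts = []
    denied = defaultdict(int)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines rather than abort the scan
        ts, account, method, path, status = (f.strip() for f in row)
        if account.lower() not in GUEST_ACCOUNTS or not is_admin_path(path):
            continue
        if status.startswith("2"):
            # A guest succeeded on an admin-only path: access control did not hold.
            alerts.append(("GUEST_ADMIN_SUCCESS", ts, account, method, path))
        elif status in ("401", "403"):
            denied[account] += 1
            if denied[account] == DENIED_THRESHOLD:
                alerts.append(("GUEST_ADMIN_PROBING", ts, account, method, path))
    return alerts, dict(denied)

if __name__ == "__main__":
    for alert in find_guest_anomalies(SAMPLE_LOG)[0]:
        print(*alert)
```

A `GUEST_ADMIN_SUCCESS` alert on an unpatched console warrants immediate review of that account's session and of any configuration or user changes made after the timestamp.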
