An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered.
Weakness
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Universal_bacnet_router_firmware | Mbs-solutions | * | 6.0.1.0 (excluding) |