Vulnerability CVE-2017-14030


Published: 2018-01-12

Description:
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

Type:

CWE-428

(Unquoted Search Path or Element)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
MOXA -> Mxview 

 References:
http://www.securityfocus.com/bid/102494
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02

Copyright 2022, cxsecurity.com

 

Back to Top