cnvd - cnvd-2019-43363

CNVD-2019-43363

Vulnerability from cnvd - Published: 2019-12-02

Title

Moxa EDR-810远程代码执行漏洞

Description

Moxa EDR-810是一款高度集成的工业多端口安全路由器，具有防火墙/NAT/VPN及托管型第2层交换机功能。 Moxa EDR-810 5.1及更早版本存在远程代码执行漏洞。该漏洞源于该产品允许认证攻击者滥用ping功能，从而可在路由器上执行未经授权的命令。攻击者可利用该漏洞实现远程代码执行。

Severity

中

Patch Name

Moxa EDR-810远程代码执行漏洞的补丁

Patch Description

Moxa EDR-810是一款高度集成的工业多端口安全路由器，具有防火墙/NAT/VPN及托管型第2层交换机功能。 Moxa EDR-810 5.1及更早版本存在远程代码执行漏洞。该漏洞源于该产品允许认证攻击者滥用ping功能，从而可在路由器上执行未经授权的命令。攻击者可利用该漏洞实现远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=48041

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-10969

Impacted products

Name
MOXA EDR-810 <=5.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10969",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-10969"
    }
  },
  "description": "Moxa EDR-810\u662f\u4e00\u6b3e\u9ad8\u5ea6\u96c6\u6210\u7684\u5de5\u4e1a\u591a\u7aef\u53e3\u5b89\u5168\u8def\u7531\u5668\uff0c\u5177\u6709\u9632\u706b\u5899/NAT/VPN\u53ca\u6258\u7ba1\u578b\u7b2c2\u5c42\u4ea4\u6362\u673a\u529f\u80fd\u3002\n\nMoxa EDR-810 5.1\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u4ea7\u54c1\u5141\u8bb8\u8ba4\u8bc1\u653b\u51fb\u8005\u6ee5\u7528ping\u529f\u80fd\uff0c\u4ece\u800c\u53ef\u5728\u8def\u7531\u5668\u4e0a\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u547d\u4ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=48041",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-43363",
  "openTime": "2019-12-02",
  "patchDescription": "Moxa EDR-810\u662f\u4e00\u6b3e\u9ad8\u5ea6\u96c6\u6210\u7684\u5de5\u4e1a\u591a\u7aef\u53e3\u5b89\u5168\u8def\u7531\u5668\uff0c\u5177\u6709\u9632\u706b\u5899/NAT/VPN\u53ca\u6258\u7ba1\u578b\u7b2c2\u5c42\u4ea4\u6362\u673a\u529f\u80fd\u3002\r\n\r\nMoxa EDR-810 5.1\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u4ea7\u54c1\u5141\u8bb8\u8ba4\u8bc1\u653b\u51fb\u8005\u6ee5\u7528ping\u529f\u80fd\uff0c\u4ece\u800c\u53ef\u5728\u8def\u7531\u5668\u4e0a\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u547d\u4ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa EDR-810\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "MOXA EDR-810 \u003c=5.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-10969",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-09",
  "title": "Moxa EDR-810\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2019-10969 (GCVE-0-2019-10969)

Vulnerability from cvelistv5 – Published: 2019-10-08 18:41 – Updated: 2024-08-04 22:40

Summary

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.

Severity ?

No CVSS data available.

CWE

CWE-20 - IMPROPER INPUT VALIDATION CWE-20

Assigner

icscert

References

URL

Tags

	https://www.us-cert.gov/ics/advisories/icsa-19-274-03	x_refsource_MISC
	http://packetstormsecurity.com/files/154943/Moxa-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Moxa EDR 810	Affected: All versions 5.1 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa EDR 810",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions 5.1 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "IMPROPER INPUT VALIDATION CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-23T19:06:27",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa EDR 810",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions 5.1 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER INPUT VALIDATION CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
            },
            {
              "name": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10969",
    "datePublished": "2019-10-08T18:41:28",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-43363

CVE-2019-10969 (GCVE-0-2019-10969)

Tags

Sightings

Nomenclature