VAR-201801-0524
Vulnerability from variot - Updated: 2023-12-18 12:37An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Moxa MXView Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa MXView is a network management software for Moxa's configuration, monitoring and diagnostics of network devices in Industrial Ethernet. A privilege elevation vulnerability exists in Moxa MXview 2.8 and earlier. Moxa MXview is prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0524",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mxview",
"scope": "lte",
"trust": 1.8,
"vendor": "moxa",
"version": "2.8"
},
{
"model": "mxview",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "2.8"
},
{
"model": "mxview",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.8"
},
{
"model": "mxview",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mxview",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:moxa:mxview:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "102494"
}
],
"trust": 0.3
},
"cve": "CVE-2017-14030",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14030",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-00906",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-104712",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14030",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14030",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-00906",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-104712",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Moxa MXView Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa MXView is a network management software for Moxa\u0027s configuration, monitoring and diagnostics of network devices in Industrial Ethernet. A privilege elevation vulnerability exists in Moxa MXview 2.8 and earlier. Moxa MXview is prone to a local privilege-escalation vulnerability. \nAttackers can exploit this issue to execute arbitrary code with elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-104712"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14030",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-011-02",
"trust": 3.4
},
{
"db": "BID",
"id": "102494",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-00906",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E155C0-39AB-11E9-ACC4-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99026",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-104712",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"id": "VAR-201801-0524",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
}
],
"trust": 1.28988096
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
}
]
},
"last_update_date": "2023-12-18T12:37:03.038000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MXview",
"trust": 0.8,
"url": "https://www.moxa.com/product/mxview.htm"
},
{
"title": "Moxa MXview privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113407"
},
{
"title": "Moxa MXview Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100008"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-011-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102494"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14030"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14030"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/"
},
{
"trust": 0.3,
"url": "https://www.moxa.com/support/sarch_result.aspx?prod_id=622\u0026type_id=6\u0026type=soft"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-104712"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102494"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"date": "2018-01-12T20:29:00.213000",
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-104712"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102494"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"date": "2019-10-09T23:23:46.107000",
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "102494"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa MXView Vulnerabilities related to unquoted search paths or elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…