CVE-2020-13536

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality.

Affected Software

VendorProductVersion RangeStatus
n/aMoxaMoxa MXView Series 3.1.8affected

Weaknesses

  • CWE-276: CWE-276: Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References