CVE-2020-13537
9.3
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Moxa | Moxa MXView Series 3.1.8 | affected |
Weaknesses
- CWE-276: CWE-276: Incorrect Default Permissions
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.