CVE-2020-13537

9.3CRITICAL

Key Information

Vendor: Moxa
Status: Moxa
Vendor: CVE Published:; 5 November 2020

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run.

Affected Version(s)

Moxa = Moxa MXView Series 3.1.8

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: 7.8 to: 9.3 - (CRITICAL)
Feb 22, 2024
Vulnerability published.
Nov 5, 2020
Vulnerability Reserved.
May 26, 2020

Collectors

NVD DatabaseMitre Database