The vulnerability of the Moxa MXView network control software is related to incorrect default access permissions settings, which allow a malicious user to execute arbitrary commands with privileges of a system user.

🗓️ 12 Nov 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Moxa MXView vulnerability: incorrect default permissions permit arbitrary commands as system user.

Reporter	Title	Published	Views	Family All 19
BDU FSTEC	The vulnerability of the FXOS operating system, which arises due to the failure to address the issue of eliminating special elements, allows a hacker to execute arbitrary commands with root privileges.	12 Nov 202000:00	–	bdu_fstec
Circl	CVE-2020-13537	6 Nov 202000:49	–	circl
Cisco	Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability	21 Oct 202016:00	–	cisco
CNVD	Cisco FXOS Command Execution Vulnerability	23 Oct 202000:00	–	cnvd
CNVD	Moxa MXView Local Elevation of Privilege Vulnerability	6 Nov 202000:00	–	cnvd
CVE	CVE-2020-13537	5 Nov 202020:09	–	cve
CVE	CVE-2020-3459	21 Oct 202018:35	–	cve
Cvelist	CVE-2020-13537	5 Nov 202020:09	–	cvelist
Cvelist	CVE-2020-3459 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability	21 Oct 202018:35	–	cvelist
EUVD	EUVD-2020-24730	7 Oct 202500:30	–	euvd

Vulners

Node

moxa mxviewRange3.0–3.1.8

Source	Link
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-3459
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2020-1148
web	www.web.nvd.nist.gov/view/vuln/detail

13 Sep 2024 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 27.2

CVSS 39.3

EPSS0.00532

Moxa MXView default permissions arbitrary commands system user vulnerability