Lucene search

TalosCVELIST:CVE-2020-13536

HistoryNov 05, 2020 - 8:09 p.m.

CVE-2020-13536

2020-11-0520:09:45

CWE-276

talos

www.cve.org

9.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

20.3%

JSON

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality.

CNA Affected

[
  {
    "product": "Moxa",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Moxa MXView Series 3.1.8"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1148

9.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for CVELIST:CVE-2020-13536