CVE-2021-38460 Moxa MXview Network Management Software

2021-10-0500:00:00

CWE-523

icscert

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

CNA Affected

[
  {
    "product": "MXview Network Management Software",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.2.2",
        "status": "affected",
        "version": "3.x",
        "versionType": "custom"
      }
    ]
  }
]