Lucene search

[email protected]NVD:CVE-2021-38460

HistoryOct 12, 2021 - 2:15 p.m.

CVE-2021-38460

2021-10-1214:15:08

CWE-523

CWE-22

[email protected]

web.nvd.nist.gov

moxa mxview

path traversal

vulnerability

code execution

software vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

73.7%

JSON

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Affected configurations

Nvd

Node

moxamxviewRange3.0–3.2.2

VendorProductVersionCPE
moxamxview*cpe:2.3:a:moxa:mxview:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moxa	mxview	*	cpe:2.3:a:moxa:mxview::::::::

References

us-cert.cisa.gov/ics/advisories/icsa-21-278-03

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

73.7%

JSON

Related for NVD:CVE-2021-38460

cnvd1 prion1 cvelist1 cve1 threatpost1 ics1 thn1