ID |
CVE-2019-5136
|
Summary |
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 9.0 (as of 13-06-2022 - 20:15) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
refmap
via4
|
|
saint
via4
|
description | Moxa AWK-3131A iw_console privilege escalation vulnerability | title | moxa_iw_console_privilege_escalation | type | remote |
|
Last major update |
13-06-2022 - 20:15 |
Published |
25-02-2020 - 16:15 |
Last modified |
13-06-2022 - 20:15 |