CVE-2017-14030 - An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerab

CVE-2017-14030

Summary

An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

References

http://www.securityfocus.com/bid/102494
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02

Vulnerable Configurations

cpe:2.3:a:moxa:mxview:2.8:*:*:*:*:*:*:*
cpe:2.3:a:moxa:mxview:2.8:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 09-10-2019 - 23:23)
Impact:
Exploitability:

CWE

CWE-428

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	102494
misc	https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02

Last major update

09-10-2019 - 23:23

Published

12-01-2018 - 20:29

Last modified

09-10-2019 - 23:23