var-201801-0524
Vulnerability from variot
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Moxa MXView Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa MXView is a network management software for Moxa's configuration, monitoring and diagnostics of network devices in Industrial Ethernet. A privilege elevation vulnerability exists in Moxa MXview 2.8 and earlier. Moxa MXview is prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0524",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mxview",
"scope": "lte",
"trust": 1.8,
"vendor": "moxa",
"version": "2.8"
},
{
"model": "mxview",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "2.8"
},
{
"model": "mxview",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.8"
},
{
"model": "mxview",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mxview",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mxview",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "102494"
}
],
"trust": 0.3
},
"cve": "CVE-2017-14030",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14030",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-00906",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-104712",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-14030",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14030",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-14030",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-00906",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-104712",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Moxa MXView Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa MXView is a network management software for Moxa\u0027s configuration, monitoring and diagnostics of network devices in Industrial Ethernet. A privilege elevation vulnerability exists in Moxa MXview 2.8 and earlier. Moxa MXview is prone to a local privilege-escalation vulnerability. \nAttackers can exploit this issue to execute arbitrary code with elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14030"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-104712"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14030",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-011-02",
"trust": 3.4
},
{
"db": "BID",
"id": "102494",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-00906",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E155C0-39AB-11E9-ACC4-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99026",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-104712",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"id": "VAR-201801-0524",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
}
],
"trust": 1.4675676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
}
]
},
"last_update_date": "2024-11-23T22:00:46.971000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MXview",
"trust": 0.8,
"url": "https://www.moxa.com/product/MXview.htm"
},
{
"title": "Moxa MXview privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/113407"
},
{
"title": "Moxa MXview Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100008"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-011-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102494"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14030"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14030"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/"
},
{
"trust": 0.3,
"url": "https://www.moxa.com/support/sarch_result.aspx?prod_id=622\u0026type_id=6\u0026type=soft"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"db": "VULHUB",
"id": "VHN-104712"
},
{
"db": "BID",
"id": "102494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
},
{
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-104712"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102494"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1245"
},
{
"date": "2018-01-12T20:29:00.213000",
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00906"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-104712"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102494"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012100"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1245"
},
{
"date": "2024-11-21T03:12:00.730000",
"db": "NVD",
"id": "CVE-2017-14030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "102494"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa MXView Vulnerabilities related to unquoted search paths or elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e155c0-39ab-11e9-acc4-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1245"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…