CVE-2024-6787

MXview One Series vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition

CVSS 6 MEDIUMEPSS 0.3%CWE-367

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

21 Sep 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses.

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected products

Moxa · MXview One Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series