CVE-2024-6786

MXview One Series vulnerable to Path Traversal

CVSS 6 MEDIUMEPSS 0.5%CWE-24

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6EPSS 0.5%KEV nãoPoC —Patch referenciado

Ciclo de vida

21 set 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Moxa · MXview One Series

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series