Details of VAR-202110-0572

ID

VAR-202110-0572

CVE

CVE-2021-38452

TITLE

Moxa MXview Network Management Path traversal vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-013654

DESCRIPTION

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-38452 // JVNDB: JVNDB-2021-013654 // VULHUB: VHN-400070 // VULMON: CVE-2021-38452

AFFECTED PRODUCTS

vendor:	moxa	model:	mxview	scope:	lte	version:	3.2.2	Trust: 1.0
vendor:	moxa	model:	mxview	scope:	gte	version:	3.0	Trust: 1.0
vendor:	moxa	model:	mxview	scope:	eq	version:	-	Trust: 0.8
vendor:	moxa	model:	mxview	scope:	eq	version:	3.2.2 for up to 3.x	Trust: 0.8

sources: JVNDB: JVNDB-2021-013654 // NVD: CVE-2021-38452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38452
value:	CRITICAL
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-38452
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-38452
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202110-232
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-400070
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-38452
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-38452
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-400070
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-38452
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-38452
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-38452
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-400070 // VULMON: CVE-2021-38452 // JVNDB: JVNDB-2021-013654 // CNNVD: CNNVD-202110-232 // NVD: CVE-2021-38452 // NVD: CVE-2021-38452

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-400070 // JVNDB: JVNDB-2021-013654 // NVD: CVE-2021-38452

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-232

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202110-232

PATCH

title:	MXview Series	url:	https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=53389	Trust: 0.8
title:	Moxa Mxview Network Management Software Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166500	Trust: 0.6

sources: JVNDB: JVNDB-2021-013654 // CNNVD: CNNVD-202110-232

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38452	Trust: 3.4
db:	ICS CERT	id:	ICSA-21-278-03	Trust: 2.6
db:	JVN	id:	JVNVU91384521	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-013654	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3307	Trust: 0.6
db:	CS-HELP	id:	SB2021100607	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-232	Trust: 0.6
db:	VULHUB	id:	VHN-400070	Trust: 0.1
db:	VULMON	id:	CVE-2021-38452	Trust: 0.1

sources: VULHUB: VHN-400070 // VULMON: CVE-2021-38452 // JVNDB: JVNDB-2021-013654 // CNNVD: CNNVD-202110-232 // NVD: CVE-2021-38452

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38452	Trust: 1.4
url:	http://jvn.jp/vu/jvnvu91384521/index.html	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021100607	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3307	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-400070 // VULMON: CVE-2021-38452 // JVNDB: JVNDB-2021-013654 // CNNVD: CNNVD-202110-232 // NVD: CVE-2021-38452

CREDITS

Noam Moshe from Claroty reported these vulnerabilities to Moxa.

Trust: 0.6

sources: CNNVD: CNNVD-202110-232

SOURCES

db:	VULHUB	id:	VHN-400070
db:	VULMON	id:	CVE-2021-38452
db:	JVNDB	id:	JVNDB-2021-013654
db:	CNNVD	id:	CNNVD-202110-232
db:	NVD	id:	CVE-2021-38452

LAST UPDATE DATE

2024-08-14T13:23:20.549000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-400070	date:	2021-10-19T00:00:00
db:	VULMON	id:	CVE-2021-38452	date:	2021-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-013654	date:	2022-09-21T02:55:00
db:	CNNVD	id:	CNNVD-202110-232	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2021-38452	date:	2021-10-19T13:34:48.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-400070	date:	2021-10-12T00:00:00
db:	VULMON	id:	CVE-2021-38452	date:	2021-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-013654	date:	2022-09-21T00:00:00
db:	CNNVD	id:	CNNVD-202110-232	date:	2021-10-05T00:00:00
db:	NVD	id:	CVE-2021-38452	date:	2021-10-12T14:15:08.347