ID

VAR-202110-0574


CVE

CVE-2021-38458


TITLE

Injection vulnerabilities in Moxa MXview Network Management software

Trust: 0.8

sources: JVNDB: JVNDB-2021-013648

DESCRIPTION

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. The Moxa MXview Network Management software has an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2021-38458 // JVNDB: JVNDB-2021-013648 // VULHUB: VHN-400073 // VULMON: CVE-2021-38458

AFFECTED PRODUCTS

vendor: moxa, model: mxview, scope: lte, version: 3.2.2

Trust: 1.0

vendor: moxa, model: mxview, scope: gte, version: 3.0

Trust: 1.0

vendor: moxa, model: mxview, scope: eq, version: -

Trust: 0.8

vendor: moxa, model: mxview, scope: eq, version: 3.2.2 for up to 3.x

Trust: 0.8

sources: JVNDB: JVNDB-2021-013648 // NVD: CVE-2021-38458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-38458
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-38458
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-38458
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202110-235
value: CRITICAL

Trust: 0.6

VULHUB: VHN-400073
value: HIGH

Trust: 0.1

VULMON: CVE-2021-38458
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-38458
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-400073
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-38458
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-013648
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-400073 // VULMON: CVE-2021-38458 // JVNDB: JVNDB-2021-013648 // CNNVD: CNNVD-202110-235 // NVD: CVE-2021-38458 // NVD: CVE-2021-38458

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.1

problemtype:injection (CWE-74) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-400073 // JVNDB: JVNDB-2021-013648 // NVD: CVE-2021-38458

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-235

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202110-235

PATCH

title: MXview Series, url: https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=53389

Trust: 0.8

title: Moxa Mxview Network Management Software Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164918

Trust: 0.6

sources: JVNDB: JVNDB-2021-013648 // CNNVD: CNNVD-202110-235

EXTERNAL IDS

db: NVD, id: CVE-2021-38458

Trust: 3.4

db: ICS CERT, id: ICSA-21-278-03

Trust: 2.6

db: JVN, id: JVNVU91384521

Trust: 0.8

db: JVNDB, id: JVNDB-2021-013648

Trust: 0.8

db: AUSCERT, id: ESB-2021.3307

Trust: 0.6

db: CS-HELP, id: SB2021100607

Trust: 0.6

db: CNNVD, id: CNNVD-202110-235

Trust: 0.6

db: VULHUB, id: VHN-400073

Trust: 0.1

db: VULMON, id: CVE-2021-38458

Trust: 0.1

sources: VULHUB: VHN-400073 // VULMON: CVE-2021-38458 // JVNDB: JVNDB-2021-013648 // CNNVD: CNNVD-202110-235 // NVD: CVE-2021-38458

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-38458

Trust: 1.4

url:http://jvn.jp/vu/jvnvu91384521/index.html

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021100607

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3307

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-400073 // VULMON: CVE-2021-38458 // JVNDB: JVNDB-2021-013648 // CNNVD: CNNVD-202110-235 // NVD: CVE-2021-38458

CREDITS

Noam Moshe from Claroty reported these vulnerabilities to Moxa.

Trust: 0.6

sources: CNNVD: CNNVD-202110-235

SOURCES

db: VULHUB, id: VHN-400073
db: VULMON, id: CVE-2021-38458
db: JVNDB, id: JVNDB-2021-013648
db: CNNVD, id: CNNVD-202110-235
db: NVD, id: CVE-2021-38458

LAST UPDATE DATE

2024-08-14T13:23:20.579000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-400073, date: 2021-10-19T00:00:00
db: VULMON, id: CVE-2021-38458, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2021-013648, date: 2022-09-20T08:59:00
db: CNNVD, id: CNNVD-202110-235, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2021-38458, date: 2021-10-19T13:45:04.670

SOURCES RELEASE DATE

db: VULHUB, id: VHN-400073, date: 2021-10-12T00:00:00
db: VULMON, id: CVE-2021-38458, date: 2021-10-12T00:00:00
db: JVNDB, id: JVNDB-2021-013648, date: 2022-09-20T00:00:00
db: CNNVD, id: CNNVD-202110-235, date: 2021-10-05T00:00:00
db: NVD, id: CVE-2021-38458, date: 2021-10-12T14:15:08.577