CVE-2017-14434

{"id": "CVE-2017-14434", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-05-14T20:29:00.797", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos explotable en la funcionalidad de servidor web de Moxa EDR-810 V4.1 build 17030317. Una petici\u00f3n POST especialmente manipulada puede provocar un escalado de privilegios, resultando en un shell root. Un atacante puede inyectar comandos de sistema operativo en el par\u00e1metro remoteNetmask0= en el URI \"/goform/net\\_Web\\_get_value\" para desencadenar esta vulnerabilidad."}], "lastModified": "2024-11-21T03:12:47.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB5AD896-998A-4CA4-AA8C-8B320856247F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A6BD14C-FD19-4AF7-A221-91B1A49C0A58"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}