CVE-2020-24051

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://ioac.tv/3hy1xu6	Exploit Third Party Advisory
https://ioactive.com/moog-exo-series-multiple-vulnerabilities/	Third Party Advisory
https://ioac.tv/3hy1xu6	Exploit Third Party Advisory
https://ioactive.com/moog-exo-series-multiple-vulnerabilities/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:moog:exvf5c-2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:moog:exvf5c-2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:moog:exvp7c2-3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:moog:exvp7c2-3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:14

Type	Values Removed	Values Added
References	~~() https://ioac.tv/3hy1xu6 - Exploit, Third Party Advisory~~	() https://ioac.tv/3hy1xu6 - Exploit, Third Party Advisory
References	~~() https://ioactive.com/moog-exo-series-multiple-vulnerabilities/ - Third Party Advisory~~	() https://ioactive.com/moog-exo-series-multiple-vulnerabilities/ - Third Party Advisory

Information

Published : 2020-08-21 15:15

Updated : 2024-11-21 05:14

NVD link : CVE-2020-24051

Mitre link : CVE-2020-24051

CVE.ORG link : CVE-2020-24051

JSON object : View

Products Affected

moog

exvf5c-2
exvp7c2-3_firmware
exvf5c-2_firmware
exvp7c2-3

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2020-24051", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-08-21T15:15:12.773", "references": [{"url": "https://ioac.tv/3hy1xu6", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ioac.tv/3hy1xu6", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user."}, {"lang": "es", "value": "Las unidades EXVF5C-2 y EXVP7C2-3 de la Serie Moog EXO, admiten el protocolo de seguridad f\u00edsica basado en IP de interoperabilidad ONVIF, que requiere autenticaci\u00f3n para algunas de sus operaciones. Se encontr\u00f3 que la comprobaci\u00f3n de autenticaci\u00f3n para esas operaciones ONVIF puede ser omitida. Un atacante puede abusar de este problema para ejecutar operaciones privilegiadas sin autenticaci\u00f3n, por ejemplo, para crear un nuevo usuario Administrador."}], "lastModified": "2024-11-21T05:14:21.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moog:exvf5c-2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF20FE0F-EDB8-4BA4-A3B3-D141F2B01541"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moog:exvf5c-2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "69235D77-74E9-4D65-BB46-83BE55DDCCD8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moog:exvp7c2-3_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6F1521A-7795-438F-9EBD-8C866A856FAA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moog:exvp7c2-3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DDBEF0A-717F-4564-A05D-17164EA6D6AA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}