Serious security vulnerabilities reported by moxa mxview network management software

Some effects have been disclosed Moxa MXview be based on Web Technical details of the security vulnerability of the network management system , Some of them may be linked by unauthenticated attackers , To achieve remote code execution on unpatched servers .

Claroty Security researcher Noam Moshe In a report released this week , These five security vulnerabilities “ May allow remote 、 An unauthenticated attacker executes code on the host with the highest available privileges ：NT AUTHORITY\SYSTEM” .

Moxa MXview Designed to configure 、 Designed to monitor and diagnose network equipment in Industrial Networks . These affect network management software 3.x to 3.2.2 The defect of the version is 2021 year 10 After the coordinated disclosure process in January, it will be in 3.2.4 Or later .

“ Successful exploitation of these vulnerabilities may allow attackers to create or overwrite critical files to execute code 、 Access program 、 Obtain the credentials 、 Disable Software 、 Read and modify other inaccessible data 、 Allow remote connection to internal communication channels or interaction and remote use MQTT,” U.S. cybersecurity and Infrastructure Security Agency (CISA) In an announcement, it said .

MQTT It refers to a message passing protocol that promotes remote asynchronous communication , Support in MXview Messages are transferred between different components in the environment .

The list of defects is as follows ——

• CVE-2021-38452（CVSS score ：7.5）- Path traversal vulnerability in applications , Allow access to or overwrite key files used to execute code
• CVE-2021-38454（CVSS fraction ：10.0）- Allow remote connections to MQTT Misconfigured service , Thus, it can interact and use communication channels remotely
• CVE-2021-38456（CVSS fraction ：9.8）- Use hard coded passwords
• CVE-2021-38458（CVSS fraction ：9.8）- Improper neutralization of special elements , It may cause unauthorized commands to be executed remotely
• CVE-2021-38460（CVSS fraction ：7.5）- Password disclosure cases that may allow attackers to obtain credentials

The above three vulnerabilities ——CVE-2021-38452、CVE-2021-38454 and CVE-2021-38458 Can be strung together , In vulnerable areas with system privileges MXView Implement pre validated remote code execution on the instance .

stay Claroty In the hypothetical attack scenario designed ,CVE-2021-38452 May be abused , By reading the configuration file gateway-upper.ini To get plain text MQTT password , And then use it CVE-2021-38454 Inject hooligans MQTT news , The command injection on the server triggers code execution .

“ The attacker directed at MQTT The agent injects malicious messages , Bypass all input validation performed by the server , And pass OS Command injection vulnerability enables arbitrary remote code execution ,”Moshe explains .