CVE-2024-6786

Path Traversal: '../filedir' (CWE-24)

Published: Sep 21, 2024 / Updated: 59d ago

010
CVSS 6EPSS 0.04%Medium
CVE info copied to clipboard

Summary

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

Impact

This vulnerability has a high impact on confidentiality. An attacker with low privileges can potentially access and read sensitive files on the affected system, including configuration files and JWT signing secrets. This could lead to further compromises of the system or related services. The vulnerability has a CVSS v3.1 base score of 6.5 (Medium severity) and a CVSS v4.0 base score of 6.0 (Medium severity). It's important to note that while the confidentiality impact is high, there is no direct impact on integrity or availability of the system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Moxa has released security updates to address this vulnerability. The patch was added on September 30, 2024, and can be found on the Moxa website (https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series).

Mitigation

1. Update affected Moxa MXview One systems to version 1.4.1 or later, which contains the patch for this vulnerability. 2. If immediate patching is not possible, implement network segmentation to restrict access to the affected systems. 3. Monitor and audit file access patterns for any suspicious activities. 4. Implement strong access controls and principle of least privilege to minimize the potential impact of the vulnerability. 5. Regularly review and update security configurations, especially those related to file system access and MQTT message handling. 6. Consider implementing additional security measures such as intrusion detection systems (IDS) or web application firewalls (WAF) to detect and prevent path traversal attempts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6786

Sep 21, 2024 at 5:15 AM
First Article

Feedly found the first article mentioning CVE-2024-6786. See article

Sep 21, 2024 at 5:21 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 21, 2024 at 5:21 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Sep 21, 2024 at 9:28 AM
Threat Intelligence Report

CVE-2024-6786 is a vulnerability with a CVSS v3.1 base score of 6.5 and a CVSS v4 base score of 6.0, indicating a moderate level of criticality. The details provided do not specify whether it is being exploited in the wild, nor do they mention any proof-of-concept exploits, mitigations, detections, patches, or downstream impacts to third-party vendors or technology. Further investigation would be necessary to assess the full context and implications of this vulnerability. See article

Sep 24, 2024 at 2:08 PM
Static CVE Timeline Graph

Affected Systems

Moxa/mxview_one
+null more

Patches

www.moxa.com
+null more

Attack Patterns

CAPEC-126: Path Traversal
+null more

References

Multiple Vulnerabilities in MXview One and MXview One Central Manager Series
The affected products and software versions are listed below. The affected products and software versions are listed below.
Moxa MXview One
Successful exploitation of these vulnerabilities could allow an attacker to expose local credentials and write arbitrary files to the system, resulting in execution of malicious code. Vulnerabilities : Cleartext Storage In A File or On Disk, Path Traversal, Time-of-Check Time-of-Use Race Condition

News

CISA Releases Industrial Control Systems Advisories to Defend Against Cyber Attacks
Users are strongly advised to upgrade to version V17Q.2.1 and implement additional security measures, such as using Virtual Private Networks (VPNs) for remote access and conducting comprehensive risk assessments to mitigate potential exploitation. With a CVSS v4 score of 9.3, this vulnerability allows attackers to bypass authentication and gain full administrative privileges remotely, posing significant risks to critical infrastructure sectors such as energy and transportation.
CVE-2024-6786
CWE-24: Path Traversal: The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
Moxa MXview One
Successful exploitation of these vulnerabilities could allow an attacker to expose local credentials and write arbitrary files to the system, resulting in execution of malicious code. Vulnerabilities : Cleartext Storage In A File or On Disk, Path Traversal, Time-of-Check Time-of-Use Race Condition
CVE Alert: CVE-2024-6786 - https://www. redpacketsecurity.com/cve_aler t_cve-2024-6786/ # OSINT # ThreatIntel # CyberSecurity # cve_2024_6786
CVE Alert: CVE-2024-6786
Everyone that supports the site helps enable new functionality. The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system.
See 12 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI