Vulnerability Description
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moog | Exvf5C-2 Firmware | - |
| Moog | Exvf5C-2 | - |
| Moog | Exvp7C2-3 Firmware | - |
| Moog | Exvp7C2-3 | - |
Related Weaknesses (CWE)
References
- https://ioac.tv/3hy1xu6ExploitThird Party Advisory
- https://ioactive.com/moog-exo-series-multiple-vulnerabilities/Third Party Advisory
- https://ioac.tv/3hy1xu6ExploitThird Party Advisory
- https://ioactive.com/moog-exo-series-multiple-vulnerabilities/Third Party Advisory
FAQ
What is CVE-2020-24054?
CVE-2020-24054 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One ...
How severe is CVE-2020-24054?
CVE-2020-24054 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-24054?
Check the references section above for vendor advisories and patch information. Affected products include: Moog Exvf5C-2 Firmware, Moog Exvf5C-2, Moog Exvp7C2-3 Firmware, Moog Exvp7C2-3.