CVE-2024-6786 — MEDIUM (6.5)

Q: How severe is CVE-2024-6786?

CVE-2024-6786 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-6786?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Mxview One.

Vulnerability Description

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Moxa	Mxview One	< 1.4.1

Related Weaknesses (CWE)

CWE-22 CWE-24

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05Third Party AdvisoryUS Government Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-muPatchVendor Advisory

FAQ

What is CVE-2024-6786?

CVE-2024-6786 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of se...

How severe is CVE-2024-6786?

CVE-2024-6786 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6786?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Mxview One.