← Volver a CVEs
CVE-2020-24051
CRITICAL9.8
Descripcion
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/21/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
moog:exvf5c-2moog:exvf5c-2_firmwaremoog:exvp7c2-3moog:exvp7c2-3_firmware
Debilidades (CWE)
CWE-306
Referencias
https://ioac.tv/3hy1xu6(cve@mitre.org)
https://ioac.tv/3hy1xu6(af854a3a-2127-422b-91ae-364da2661108)
https://ioactive.com/moog-exo-series-multiple-vulnerabilities/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.