MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.
References
Link | Resource |
---|---|
https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities | Patch Vendor Advisory |
Configurations
History
30 May 2023, 19:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities - Patch, Vendor Advisory | |
CWE | CWE-77 | |
CPE | cpe:2.3:a:moxa:mxsecurity:1.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Moxa
Moxa mxsecurity |
22 May 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-22 06:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-33235
Mitre link : CVE-2023-33235
CVE.ORG link : CVE-2023-33235
JSON object : View
Products Affected
moxa
- mxsecurity
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')