MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2024-6787

CVSS 6.0v4.0pub. 2024-09-21upd. 2024-09-30

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses.

CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Moxa Mxview One

    APP
    Moxa
    < 1.4.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Race Condition
CWE
References

Related vulnerabilities

CVE-2024-6785MEDIUM6.8ten sam produkt

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modif...

CVE-2024-6786MEDIUM6.0ten sam produkt

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, en...

CVE-2023-39979CRITICAL9.8ten sam vendor

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication....

CVE-2023-33236CRITICAL9.8ten sam vendor

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been report...

CVE-2023-28697CRITICAL9.8ten sam vendor

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can explo...