FKIE_CVE-2020-24054
Vulnerability from fkie_nvd - Published: 2020-08-21 15:15 - Updated: 2026-06-17 03:05
Severity
Summary
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://ioac.tv/3hy1xu6 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://ioactive.com/moog-exo-series-multiple-vulnerabilities/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ioac.tv/3hy1xu6 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ioactive.com/moog-exo-series-multiple-vulnerabilities/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moog | exvf5c-2_firmware | - | |
| moog | exvf5c-2 | - | |
| moog | exvp7c2-3_firmware | - | |
| moog | exvp7c2-3 | - |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moog:exvf5c-2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF20FE0F-EDB8-4BA4-A3B3-D141F2B01541",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moog:exvf5c-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69235D77-74E9-4D65-BB46-83BE55DDCCD8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moog:exvp7c2-3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F1521A-7795-438F-9EBD-8C866A856FAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moog:exvp7c2-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDBEF0A-717F-4564-A05D-17164EA6D6AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a \u0027statusbroadcast\u0027 command that can spawn a given process repeatedly at a certain time interval as \u0027root\u0027. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as \u0027${IFS}\u0027. As a result, an attacker can execute arbitrary commands as \u0027root\u0027 on the units."
},
{
"lang": "es",
"value": "La consola de administraci\u00f3n de las unidades EXVF5C-2 y EXVP7C2-3 de la Serie Moog EXO cuenta con un comando de \"statusbroadcast\" que puede generar un proceso dado repetidamente en un intervalo de tiempo determinado como \"root\". Una de las limitaciones de esta funcionalidad es que solo toma una ruta hacia un binario sin argumentos; sin embargo, esto puede ser evitado usando variables de shell especiales, como \"${IFS}\". Como resultado, un atacante puede ejecutar comandos arbitrarios como \"root\" en las unidades."
}
],
"id": "CVE-2020-24054",
"lastModified": "2026-06-17T03:05:11.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T15:15:12.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://ioac.tv/3hy1xu6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://ioac.tv/3hy1xu6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…