#VU9998 Privilege escalation in MXview - CVE-2017-14030
Published: January 11, 2018 / Updated: January 12, 2018
Vulnerability identifier: #VU9998
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14030
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
MXview
MXview
Software vendor:
Moxa
Moxa
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to insecure .dll loading mechanism when opening files. A local attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share and execute arbitrary code on the target system with elevated privileges..
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Update to version 2.9.