CVE-2021-38458

9.8 CRITICAL

📋 TL;DR

A path traversal vulnerability in Moxa MXview Network Management software allows attackers to create or overwrite critical files, potentially leading to remote code execution. This affects organizations using MXview versions 3.x to 3.2.2 for industrial network management.

💻 Affected Systems

Products:
  • Moxa MXview Network Management Software
Versions: 3.x to 3.2.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations within the vulnerable version range regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution, allowing attackers to take control of the network management system and potentially pivot to industrial control systems.

🟠 Likely Case

Unauthorized file creation/modification leading to service disruption, data manipulation, or installation of backdoors on the network management system.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can directly exploit without internal access.
🏢 Internal Only: HIGH - Even internally, this vulnerability can be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity and can be exploited without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.3 or later

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/mxview-network-management-software-vulnerability

Restart Required: Yes

Instructions:

1. Download MXview version 3.2.3 or later from the Moxa support portal.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the MXview service/system.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate MXview system from untrusted networks and restrict access to authorized IPs only.

Access Control Hardening

all

Implement strict firewall rules and require VPN/secure access methods for MXview administration.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate MXview from production networks
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check MXview version in the web interface under Help > About or via Windows Programs and Features.

Check Version:

Not applicable - check via web interface or Windows control panel.

Verify Fix Applied:

Verify version is 3.2.3 or later and test file upload functionality with path traversal attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation/modification in MXview directories
  • Path traversal patterns in web server logs (../ sequences)
  • Unauthorized access attempts to MXview

Network Indicators:

  • Unusual HTTP requests to MXview with path traversal patterns
  • Traffic to MXview from unauthorized sources

SIEM Query:

source="mxview" AND (http_uri="*../*" OR http_uri="*..\\*" OR (event="file_creation" AND path="*mxview*"))
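
The SIEM query above matches only literal `../` and `..\` sequences, so percent-encoded requests pass it unnoticed. As an added example (not part of the original advisory or of Moxa's tooling), this Python detector percent-decodes each request target before matching; the access-log format, IP addresses and request paths are constructed assumptions, not real MXview endpoints.

```python
import re
from urllib.parse import unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." segment bounded by "/" or "\" (or by start, end, or query separators).
TRAVERSAL_RE = re.compile(r'(^|[\\/?=&])\.\.([\\/]|$)')
MAX_DECODE_ROUNDS = 3  # surfaces double encoding such as %252e%252e%252f


def normalize(target: str) -> str:
    """Percent-decode repeatedly (bounded) until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_traversal(target: str) -> bool:
    return bool(TRAVERSAL_RE.search(normalize(target)))


def scan(lines):
    """Return (client_ip, method, raw_target) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("method"), m.group("target")))
    return hits


# Constructed sample log lines; paths are placeholders, not MXview endpoints.
SAMPLE_LOG = [
    '10.0.5.17 - - [01/Jan/2022:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.5.23 - - [01/Jan/2022:10:00:05 +0000] "POST /placeholder/upload?name=../../x.cfg HTTP/1.1" 200 0',
    '10.0.5.23 - - [01/Jan/2022:10:00:09 +0000] "POST /placeholder/upload?name=%2e%2e%5c%2e%2e%5cx.cfg HTTP/1.1" 200 0',
    '10.0.5.23 - - [01/Jan/2022:10:00:12 +0000] "GET /placeholder/%252e%252e%252fx HTTP/1.1" 404 0',
    '10.0.5.40 - - [01/Jan/2022:10:01:00 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, method, target in scan(SAMPLE_LOG):
        print(f"traversal pattern from {ip}: {method} {target}")
```

The last sample line shows why the pattern requires a separator on both sides of `..`: a filename containing two dots is not flagged.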
