CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-24052

Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.7%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 6.4

References

https://ioac.tv/3hy1xu6
https://ioactive.com/moog-exo-series-multiple-vulnerabilities/
https://ioac.tv/3hy1xu6
https://ioactive.com/moog-exo-series-multiple-vulnerabilities/

Products affected by CVE-2020-24052

Moog » Exvf5c-2 » Version: N/A

cpe:2.3:h:moog:exvf5c-2:-
Moog » Exvp7c2-3 » Version: N/A

cpe:2.3:h:moog:exvp7c2-3:-
Moog » Exvf5c-2 Firmware » Version: N/A

cpe:2.3:o:moog:exvf5c-2_firmware:-
Moog » Exvp7c2-3 Firmware » Version: N/A

cpe:2.3:o:moog:exvp7c2-3_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24052

Products

Pricing

Contact Us