CVE-2024-6787

MEDIUM

TOCTOU - Code Injection

Title source: llm

Description

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses.

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05

[Patch, Vendor Advisory] https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series

Scores

CVSS v3 5.3

EPSS 0.0037

EPSS Percentile 58.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-367

Status published

Affected Products (1)

moxa/mxview_one < 1.4.1

Timeline

Published Sep 21, 2024

Tracked Since Feb 18, 2026