PT-2020-15629 · Moog · Moog Exo Series

Gabriel Gonzalez +3 · Published 2020-08-21 · Updated 2021-07-21 · CVE-2020-24052

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Moog EXO Series versions EXVF5C-2 and EXVP7C2-3

Description: The issue concerns several XML External Entity (XXE) vulnerabilities. These vulnerabilities allow remote unauthenticated users to read arbitrary files by using a crafted Document Type Definition (DTD) in an XML request.

Recommendations: For Moog EXO Series versions EXVF5C-2 and EXVP7C2-3, consider disabling the XML parsing functionality until a patch is available. Restrict access to the XML request handling module to minimize the risk of exploitation. Avoid using crafted DTDs in XML requests until the issue is resolved.

Exploit

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2020-24052

Affected Products

Moog Exo Series