CVE-2020-24054

Publication date

2020-08-21 14:28:06

Family

mitre

State

PUBLISHED

Description

The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a statusbroadcast command that can spawn a given process repeatedly at a certain time interval as root. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as ${IFS}. As a result, an attacker can execute arbitrary commands as root on the units.
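The weakness described above comes from enforcing "no arguments" by looking for whitespace while the value is still interpreted by a shell, so ${IFS} supplies the separator after the check has passed. The Python sketch below is an added example for defenders, not Moog's code and not part of the CVE record; the function names, the allowlist pattern and the allowed-directory policy are assumptions. It contrasts a whitespace-only check with a validator that accepts only a literal executable path and hands it to the process launcher as a single argv element, with no shell involved.

```python
import os
import re
import stat
from typing import List, Optional, Sequence

# Assumed policy: absolute path built only from plain name components.
# Anything a shell would expand ($, {, }, `, quotes, ;, |, &) never matches.
_SAFE_PATH = re.compile(r"/(?:[A-Za-z0-9._+-]+/)*[A-Za-z0-9._+-]+")


def naive_check(value: str) -> bool:
    """Weak check: 'path without arguments' means 'contains no whitespace'."""
    return not any(ch.isspace() for ch in value)


def strict_check(value: str, allowed_dirs: Sequence[str]) -> Optional[str]:
    """Return the resolved executable path, or None if the value is rejected."""
    if not _SAFE_PATH.fullmatch(value):
        return None
    resolved = os.path.realpath(value)  # follow symlinks before the policy check
    if os.path.dirname(resolved) not in allowed_dirs:
        return None
    try:
        mode = os.stat(resolved).st_mode
    except OSError:
        return None
    if not stat.S_ISREG(mode) or not mode & 0o111:
        return None
    return resolved


def build_argv(value: str, allowed_dirs: Sequence[str]) -> List[str]:
    """Build the argv for a scheduled job; the path is the only element."""
    resolved = strict_check(value, allowed_dirs)
    if resolved is None:
        raise ValueError("rejected process path: %r" % value)
    # Pass this list to subprocess.run(argv, shell=False): no shell parses it,
    # so variable expansion and word splitting cannot turn it into arguments.
    return [resolved]


if __name__ == "__main__":
    sample = "/opt/app/bin/report${IFS}--flag"  # constructed input
    print("naive check accepts:", naive_check(sample))
    print("strict check result:", strict_check(sample, ("/opt/app/bin",)))
```
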