CVE-2020-24051

Vulnerability

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations [1]. It was found that the authentication check for those ONVIF operations can be bypassed [1]. The affected versions include these specific models running their factory firmware as described in the advisory.

Exploitation

An attacker with network access to the affected unit can abuse this issue without any authentication [1]. By sending crafted ONVIF web service requests that bypass the authentication mechanism, the attacker can execute privileged operations that should require valid credentials [1]. No user interaction or prior access is needed.

Impact

Successful exploitation allows an attacker to execute privileged ONVIF operations without authentication, for instance, to create a new Administrator user [1]. This gives the attacker full administrative control over the device, leading to compromise of confidentiality, integrity, and availability.

Mitigation

The advisory from IOActive [1] does not provide a patched firmware version or official vendor fix. Users should contact Moog for mitigation advice, restrict network access to these devices, and monitor for any vendor updates. No workaround is detailed in the available references [1].