Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path

vendor:

Mosquitto MQTT broker

by:

Riadh Bouchahoua

7.8

CVSS

HIGH

Unquoted Service Path

CWE

Product Name: Mosquitto MQTT broker

Affected Version From: 2.0.9

Affected Version To: 2.0.9

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 64 bits

2021

Eclipse Mosquitto MQTT broker 2.0.9 – ‘mosquitto’ Unquoted Service Path

The vulnerability allows an attacker to gain elevated privileges by exploiting an unquoted service path in Eclipse Mosquitto MQTT broker version 2.0.9. By manipulating the service path, an attacker can execute arbitrary code with elevated privileges.

Mitigation:

To mitigate this vulnerability, users are advised to install the latest version of Eclipse Mosquitto MQTT broker and ensure that the service path is properly quoted.

Source

Exploit-DB raw data:

# Exploit Title: Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
# Discovery by: Riadh Bouchahoua 
# Discovery Date: 19-03-2021
# Vendor Homepage: https://mosquitto.org/
# Software Links : https://mosquitto.org/download/
# Tested Version: 2.0.9
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 64 bits

# Step to discover Unquoted Service Path:



====

C:\Users\Admin>wmic service get name,pathname,startmode |findstr /i /v "C:\Windows\\" |findstr  "mosquitto"
mosquitto                                               C:\Program Files\mosquitto\mosquitto.exe run                      

====

C:\Users\Admin>sc qc mosquitto
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: mosquitto
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\mosquitto\mosquitto.exe run
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Mosquitto Broker
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem