var-201509-0215
Vulnerability from variot
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. Moxa EDS-405A/EDS-408A is an Ethernet switch series. A privilege escalation vulnerability exists in the management web interface of Moxa EDS-405A/EDS-408A. This vulnerability can be exploited by attackers to bypass the authentication mechanism and enhance permissions. Moxa EDS-405A/EDS-408A Series Switches are prone to the following multiple security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. A cross-site scripting vulnerability 3. A denial-of-service vulnerability Attackers can exploit these issues to cause a denial-of-service condition, gain elevated privileges or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.4"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.4"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-405a series",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "3.6"
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "3.6"
},
{
"model": "eds-405a/eds-408a",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "3.4"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "3.4"
},
{
"model": "eds-408a series build",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.414031419"
},
{
"model": "eds-405a series build",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.414031419"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-144"
},
{
"db": "NVD",
"id": "CVE-2015-6464"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:moxa:eds-405a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:moxa:eds-408a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Erwin Paternotte of Applied Risk",
"sources": [
{
"db": "BID",
"id": "76612"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6464",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-6464",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-05848",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "769fda94-2351-11e6-abef-000c29c66e3d",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-84425",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6464",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6464",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05848",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-144",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84425",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"db": "VULHUB",
"id": "VHN-84425"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-144"
},
{
"db": "NVD",
"id": "CVE-2015-6464"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. Moxa EDS-405A/EDS-408A is an Ethernet switch series. A privilege escalation vulnerability exists in the management web interface of Moxa EDS-405A/EDS-408A. This vulnerability can be exploited by attackers to bypass the authentication mechanism and enhance permissions. Moxa EDS-405A/EDS-408A Series Switches are prone to the following multiple security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. A cross-site scripting vulnerability\n3. A denial-of-service vulnerability\nAttackers can exploit these issues to cause a denial-of-service condition, gain elevated privileges or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6464"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
},
{
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84425"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6464",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-246-03",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201509-144",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-05848",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004692",
"trust": 0.8
},
{
"db": "BID",
"id": "76612",
"trust": 0.3
},
{
"db": "IVD",
"id": "769FDA94-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84425",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"db": "VULHUB",
"id": "VHN-84425"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-144"
},
{
"db": "NVD",
"id": "CVE-2015-6464"
}
]
},
"id": "VAR-201509-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"db": "VULHUB",
"id": "VHN-84425"
}
],
"trust": 1.6938712666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05848"
}
]
},
"last_update_date": "2024-11-23T21:54:50.974000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-405A/408A \u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "http://japan.moxa.com/product/EDS-408405A.htm"
},
{
"title": "The Latest firmware for EDS-405A series",
"trust": 0.8,
"url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=328"
},
{
"title": "Moxa Industrial Managed Switch privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63688"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6464"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-246-03"
},
{
"trust": 1.6,
"url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=328"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6464"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6464"
},
{
"trust": 0.3,
"url": "http://store.moxa.com/a/product/eds-405a-408a-series?id=m20090312047"
},
{
"trust": 0.1,
"url": "http://www.moxa.com/support/download.aspx?type=support\u0026amp;id=328"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"db": "VULHUB",
"id": "VHN-84425"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-144"
},
{
"db": "NVD",
"id": "CVE-2015-6464"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"db": "VULHUB",
"id": "VHN-84425"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-144"
},
{
"db": "NVD",
"id": "CVE-2015-6464"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-09T00:00:00",
"db": "IVD",
"id": "769fda94-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84425"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76612"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004692"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-144"
},
{
"date": "2015-09-11T16:59:07.673000",
"db": "NVD",
"id": "CVE-2015-6464"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05848"
},
{
"date": "2015-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-84425"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76612"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004692"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-144"
},
{
"date": "2024-11-21T02:35:01.093000",
"db": "NVD",
"id": "CVE-2015-6464"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-144"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDS-405A and EDS-408A Managing switch firmware Web Vulnerabilities that bypass read-only protection mechanisms in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004692"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "76612"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.