var-201509-0216
Vulnerability from variot
The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. Moxa EDS-405A/EDS-408A is an Ethernet switch series. The exploiter exploits the constructed URL to cause the affected device to restart. Moxa EDS-405A/EDS-408A Series Switches are prone to the following multiple security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. A cross-site scripting vulnerability 3. A denial-of-service vulnerability Attackers can exploit these issues to cause a denial-of-service condition, gain elevated privileges or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.4"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.4"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-405a series",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "3.6"
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "3.6"
},
{
"model": "eds-405a/eds-408a",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "3.4"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "3.4"
},
{
"model": "eds-408a series build",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.414031419"
},
{
"model": "eds-405a series build",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.414031419"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-145"
},
{
"db": "NVD",
"id": "CVE-2015-6465"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:moxa:eds-405a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:moxa:eds-408a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004693"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Erwin Paternotte of Applied Risk",
"sources": [
{
"db": "BID",
"id": "76612"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6465",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-6465",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-05849",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-84426",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6465",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6465",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05849",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-145",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84426",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-6465",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"db": "VULHUB",
"id": "VHN-84426"
},
{
"db": "VULMON",
"id": "CVE-2015-6465"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-145"
},
{
"db": "NVD",
"id": "CVE-2015-6465"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. Moxa EDS-405A/EDS-408A is an Ethernet switch series. The exploiter exploits the constructed URL to cause the affected device to restart. Moxa EDS-405A/EDS-408A Series Switches are prone to the following multiple security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. A cross-site scripting vulnerability\n3. A denial-of-service vulnerability\nAttackers can exploit these issues to cause a denial-of-service condition, gain elevated privileges or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6465"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84426"
},
{
"db": "VULMON",
"id": "CVE-2015-6465"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6465",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-246-03",
"trust": 3.5
},
{
"db": "SECTRACK",
"id": "1033543",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201509-145",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-05849",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004693",
"trust": 0.8
},
{
"db": "BID",
"id": "76612",
"trust": 0.4
},
{
"db": "IVD",
"id": "76A13E3E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84426",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6465",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"db": "VULHUB",
"id": "VHN-84426"
},
{
"db": "VULMON",
"id": "CVE-2015-6465"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-145"
},
{
"db": "NVD",
"id": "CVE-2015-6465"
}
]
},
"id": "VAR-201509-0216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"db": "VULHUB",
"id": "VHN-84426"
}
],
"trust": 1.6938712666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05849"
}
]
},
"last_update_date": "2024-11-23T21:54:50.932000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-405A/408A \u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "http://japan.moxa.com/product/EDS-408405A.htm"
},
{
"title": "The Latest firmware for EDS-405A series",
"trust": 0.8,
"url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=328"
},
{
"title": "Moxa Industrial Managed Switch Patch for Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63690"
},
{
"title": "EDS405A_V3.6",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57733"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-145"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6465"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-246-03"
},
{
"trust": 1.7,
"url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=328"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033543"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6465"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6465"
},
{
"trust": 0.3,
"url": "http://store.moxa.com/a/product/eds-405a-408a-series?id=m20090312047"
},
{
"trust": 0.1,
"url": "http://www.moxa.com/support/download.aspx?type=support\u0026amp;id=328"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76612"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"db": "VULHUB",
"id": "VHN-84426"
},
{
"db": "VULMON",
"id": "CVE-2015-6465"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-145"
},
{
"db": "NVD",
"id": "CVE-2015-6465"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"db": "VULHUB",
"id": "VHN-84426"
},
{
"db": "VULMON",
"id": "CVE-2015-6465"
},
{
"db": "BID",
"id": "76612"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-145"
},
{
"db": "NVD",
"id": "CVE-2015-6465"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-09T00:00:00",
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84426"
},
{
"date": "2015-11-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6465"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76612"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-145"
},
{
"date": "2015-09-11T16:59:09.033000",
"db": "NVD",
"id": "CVE-2015-6465"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05849"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84426"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6465"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76612"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004693"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-145"
},
{
"date": "2024-11-21T02:35:01.233000",
"db": "NVD",
"id": "CVE-2015-6465"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-145"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa Industrial Managed Switch Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "76a13e3e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05849"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "76612"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.