ID de Prueba:	1.3.6.1.4.1.25623.1.0.106107
Categoría:	Web application abuses
Título:	Moxa EDS-405A/408A < 3.6 Multiple Vulnerabilities
Resumen:	Moxa EDS-405A and EDS-408A devices are prone to multiple; vulnerabilities.
Descripción:	Summary: Moxa EDS-405A and EDS-408A devices are prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2015-6464: The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. - CVE-2015-6465: The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. - CVE-2015-6466: Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. Vulnerability Impact: An authenticated attacker may bypass security restrictions or cause a denial of service. Affected Software/OS: Moxa EDS-405A and EDS-408A prior to version 3.6. Solution: Update to version 3.6 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6464 https://ics-cert.us-cert.gov/advisories/ICSA-15-246-03 Common Vulnerability Exposure (CVE) ID: CVE-2015-6465 http://www.securitytracker.com/id/1033543 Common Vulnerability Exposure (CVE) ID: CVE-2015-6466
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.