Sign-up

ID

VAR-201509-0216


CVE

CVE-2015-6465


TITLE

Moxa Industrial Managed Switch Denial of service vulnerability

Trust: 0.8

sources: IVD: 76a13e3e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05849

DESCRIPTION

The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. Moxa EDS-405A/EDS-408A is an Ethernet switch series. The exploiter exploits the constructed URL to cause the affected device to restart. Moxa EDS-405A/EDS-408A Series Switches are prone to the following multiple security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. A cross-site scripting vulnerability 3. A denial-of-service vulnerability Attackers can exploit these issues to cause a denial-of-service condition, gain elevated privileges or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 2.79

sources: NVD: CVE-2015-6465 // JVNDB: JVNDB-2015-004693 // CNVD: CNVD-2015-05849 // BID: 76612 // IVD: 76a13e3e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-84426 // VULMON: CVE-2015-6465

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 76a13e3e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05849

AFFECTED PRODUCTS

vendor:moxamodel:eds-405ascope:lteversion:3.4

Trust: 1.0

vendor:moxamodel:eds-408ascope:lteversion:3.4

Trust: 1.0

vendor:moxamodel:eds-405a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:eds-405a seriesscope:ltversion:3.6

Trust: 0.8

vendor:moxamodel:eds-408a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:eds-408a seriesscope:ltversion:3.6

Trust: 0.8

vendor:moxamodel:eds-405a/eds-408ascope: - version: -

Trust: 0.6

vendor:moxamodel:eds-408ascope:eqversion:3.4

Trust: 0.6

vendor:moxamodel:eds-405ascope:eqversion:3.4

Trust: 0.6

vendor:moxamodel:eds-408a series buildscope:eqversion:3.414031419

Trust: 0.3

vendor:moxamodel:eds-405a series buildscope:eqversion:3.414031419

Trust: 0.3

vendor:eds 405amodel: - scope:eqversion:*

Trust: 0.2

vendor:eds 408amodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 76a13e3e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05849 // BID: 76612 // JVNDB: JVNDB-2015-004693 // CNNVD: CNNVD-201509-145 // NVD: CVE-2015-6465

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6465
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6465
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-05849
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201509-145
value: MEDIUM

Trust: 0.6

IVD: 76a13e3e-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-84426
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-6465
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6465
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-05849
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 76a13e3e-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-84426
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 76a13e3e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05849 // VULHUB: VHN-84426 // VULMON: CVE-2015-6465 // JVNDB: JVNDB-2015-004693 // CNNVD: CNNVD-201509-145 // NVD: CVE-2015-6465

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-6465

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-145

TYPE

Unknown

Trust: 0.3

sources: BID: 76612

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004693

PATCH
title:EDS-405A/408A シリーズurl:http://japan.moxa.com/product/EDS-408405A.htm
Trust: 0.8
title:The Latest firmware for EDS-405A seriesurl:http://www.moxa.com/support/download.aspx?type=support&id=328
Trust: 0.8
title:Moxa Industrial Managed Switch Patch for Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/63690
Trust: 0.6
title:EDS405A_V3.6url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57733
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-05849 // 
            
            
            
            JVNDB: JVNDB-2015-004693 // 
            
            
            
            CNNVD: CNNVD-201509-145

EXTERNAL IDS
db:NVDid:CVE-2015-6465
Trust: 3.7
db:ICS CERTid:ICSA-15-246-03
Trust: 3.5
db:SECTRACKid:1033543
Trust: 1.2
db:CNNVDid:CNNVD-201509-145
Trust: 0.9
db:CNVDid:CNVD-2015-05849
Trust: 0.8
db:JVNDBid:JVNDB-2015-004693
Trust: 0.8
db:BIDid:76612
Trust: 0.4
db:IVDid:76A13E3E-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-84426
Trust: 0.1
db:VULMONid:CVE-2015-6465
Trust: 0.1
sources:
            
            
            IVD: 76a13e3e-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-05849 // 
            
            
            
            VULHUB: VHN-84426 // 
            
            
            
            VULMON: CVE-2015-6465 // 
            
            
            
            BID: 76612 // 
            
            
            
            JVNDB: JVNDB-2015-004693 // 
            
            
            
            CNNVD: CNNVD-201509-145 // 
            
            
            
            NVD: CVE-2015-6465

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-246-03
Trust: 3.6
url:http://www.moxa.com/support/download.aspx?type=support&id=328
Trust: 1.7
url:http://www.securitytracker.com/id/1033543
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6465
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6465
Trust: 0.8
url:http://store.moxa.com/a/product/eds-405a-408a-series?id=m20090312047
Trust: 0.3
url:http://www.moxa.com/support/download.aspx?type=support&id=328
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/76612
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05849 // 
            
            
            
            VULHUB: VHN-84426 // 
            
            
            
            VULMON: CVE-2015-6465 // 
            
            
            
            BID: 76612 // 
            
            
            
            JVNDB: JVNDB-2015-004693 // 
            
            
            
            CNNVD: CNNVD-201509-145 // 
            
            
            
            NVD: CVE-2015-6465

CREDITS
Erwin Paternotte of Applied Risk
Trust: 0.3
sources:
            
            
            BID: 76612

SOURCES
db:IVDid:76a13e3e-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-05849
db:VULHUBid:VHN-84426
db:VULMONid:CVE-2015-6465
db:BIDid:76612
db:JVNDBid:JVNDB-2015-004693
db:CNNVDid:CNNVD-201509-145
db:NVDid:CVE-2015-6465

LAST UPDATE DATE
2024-11-23T21:54:50.932000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-05849date:2015-09-09T00:00:00
db:VULHUBid:VHN-84426date:2016-12-22T00:00:00
db:VULMONid:CVE-2015-6465date:2016-12-22T00:00:00
db:BIDid:76612date:2015-09-03T00:00:00
db:JVNDBid:JVNDB-2015-004693date:2015-09-15T00:00:00
db:CNNVDid:CNNVD-201509-145date:2015-09-14T00:00:00
db:NVDid:CVE-2015-6465date:2024-11-21T02:35:01.233

SOURCES RELEASE DATE
db:IVDid:76a13e3e-2351-11e6-abef-000c29c66e3ddate:2015-09-09T00:00:00
db:CNVDid:CNVD-2015-05849date:2015-09-09T00:00:00
db:VULHUBid:VHN-84426date:2015-09-11T00:00:00
db:VULMONid:CVE-2015-6465date:2015-11-09T00:00:00
db:BIDid:76612date:2015-09-03T00:00:00
db:JVNDBid:JVNDB-2015-004693date:2015-09-15T00:00:00
db:CNNVDid:CNNVD-201509-145date:2015-09-14T00:00:00
db:NVDid:CVE-2015-6465date:2015-09-11T16:59:09.033