Test ID:	1.3.6.1.4.1.25623.1.0.106107
Category:	Web application abuses
Title:	Moxa EDS-405A/408A < 3.6 Multiple Vulnerabilities
Summary:	Moxa EDS-405A and EDS-408A devices are prone to multiple; vulnerabilities.
Description:	Summary: Moxa EDS-405A and EDS-408A devices are prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2015-6464: The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. - CVE-2015-6465: The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. - CVE-2015-6466: Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. Vulnerability Impact: An authenticated attacker may bypass security restrictions or cause a denial of service. Affected Software/OS: Moxa EDS-405A and EDS-408A prior to version 3.6. Solution: Update to version 3.6 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6464 https://ics-cert.us-cert.gov/advisories/ICSA-15-246-03 Common Vulnerability Exposure (CVE) ID: CVE-2015-6465 http://www.securitytracker.com/id/1033543 Common Vulnerability Exposure (CVE) ID: CVE-2015-6466
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.