Test ID:	1.3.6.1.4.1.25623.1.0.106107
Category:	Web application abuses
Title:	Moxa EDS-405A/408A Multiple Vulnerabilities
Summary:	Moxa EDS-405A and EDS-408A is prone to multiple vulnerabilies.
Description:	Summary: Moxa EDS-405A and EDS-408A is prone to multiple vulnerabilies. Vulnerability Insight: Moxa EDS-405A and EDS-408A is prone to multiple vulnerabilies: The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. (CVE-2015-6464) The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. (CVE-2015-6465) Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. (CVE-2015-6466) Vulnerability Impact: An authenticated attacker may bypass security restrictions or cause a denial of service. Affected Software/OS: Version prior to 3.6. Solution: Upgrade to Version 3.6 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6464 https://ics-cert.us-cert.gov/advisories/ICSA-15-246-03 Common Vulnerability Exposure (CVE) ID: CVE-2015-6465 http://www.securitytracker.com/id/1033543 Common Vulnerability Exposure (CVE) ID: CVE-2015-6466
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.