var-201512-0071
Vulnerability from variot
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. Authentication is not required to exploit this vulnerability.The specific flaw exists within the MessageBrokerServlet servlet, which does not ensure a user is authenticated prior to accepting commands. An attacker can exploit this condition to perform various actions, including addUserAndGroup, to take full control of the product and achieve code execution on all managed hosts. There is a security vulnerability in the implementation. Moxa OnCell Central Manager is a set of private IP management software from Moxa. The software supports the configuration, management, and monitoring of remote devices, etc. over a private network over a network. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks. The vulnerability is caused by the fact that the program does not require authentication
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "oncell central manager",
"scope": "lt",
"trust": 1.4,
"vendor": "moxa",
"version": "2.2"
},
{
"_id": null,
"model": "oncell central manager",
"scope": null,
"trust": 1.3,
"vendor": "moxa",
"version": null
},
{
"_id": null,
"model": "oncell central manager",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"_id": null,
"model": "oncell central manager",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "2.0"
},
{
"_id": null,
"model": "oncell central manager server",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"_id": null,
"model": "oncell central manager",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "2.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "oncell central manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-452"
},
{
"db": "CNVD",
"id": "CNVD-2015-06672"
},
{
"db": "CNVD",
"id": "CNVD-2015-07812"
},
{
"db": "BID",
"id": "76934"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-421"
},
{
"db": "NVD",
"id": "CVE-2015-6480"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:oncell_central_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006487"
}
]
},
"credits": {
"_id": null,
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-452"
},
{
"db": "BID",
"id": "76934"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-759"
}
],
"trust": 1.6
},
"cve": "CVE-2015-6480",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6480",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 2.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-06672",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-07812",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84441",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6480",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6480",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6480",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-6480",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06672",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-421",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84441",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-452"
},
{
"db": "CNVD",
"id": "CNVD-2015-06672"
},
{
"db": "CNVD",
"id": "CNVD-2015-07812"
},
{
"db": "VULHUB",
"id": "VHN-84441"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-421"
},
{
"db": "NVD",
"id": "CVE-2015-6480"
}
]
},
"description": {
"_id": null,
"data": "The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. Authentication is not required to exploit this vulnerability.The specific flaw exists within the MessageBrokerServlet servlet, which does not ensure a user is authenticated prior to accepting commands. An attacker can exploit this condition to perform various actions, including addUserAndGroup, to take full control of the product and achieve code execution on all managed hosts. There is a security vulnerability in the implementation. Moxa OnCell Central Manager is a set of private IP management software from Moxa. The software supports the configuration, management, and monitoring of remote devices, etc. over a private network over a network. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks. The vulnerability is caused by the fact that the program does not require authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6480"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487"
},
{
"db": "ZDI",
"id": "ZDI-15-452"
},
{
"db": "CNVD",
"id": "CNVD-2015-06672"
},
{
"db": "CNVD",
"id": "CNVD-2015-07812"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-759"
},
{
"db": "BID",
"id": "76934"
},
{
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84441"
}
],
"trust": 4.41
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-6480",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-15-328-01",
"trust": 3.4
},
{
"db": "ZDI",
"id": "ZDI-15-452",
"trust": 3.3
},
{
"db": "BID",
"id": "76934",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201511-421",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-06672",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2526",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07812",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201510-759",
"trust": 0.6
},
{
"db": "IVD",
"id": "4979ED48-1E60-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89939",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-84441",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-452"
},
{
"db": "CNVD",
"id": "CNVD-2015-06672"
},
{
"db": "CNVD",
"id": "CNVD-2015-07812"
},
{
"db": "VULHUB",
"id": "VHN-84441"
},
{
"db": "BID",
"id": "76934"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-759"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-421"
},
{
"db": "NVD",
"id": "CVE-2015-6480"
}
]
},
"id": "VAR-201512-0071",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06672"
},
{
"db": "CNVD",
"id": "CNVD-2015-07812"
},
{
"db": "VULHUB",
"id": "VHN-84441"
}
],
"trust": 2.14285713
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.4
}
],
"sources": [
{
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06672"
},
{
"db": "CNVD",
"id": "CNVD-2015-07812"
}
]
},
"last_update_date": "2024-11-23T22:01:39.849000Z",
"patch": {
"_id": null,
"data": [
{
"title": "OnCell Central Manager",
"trust": 0.8,
"url": "http://www.moxa.com/support/sarch_result.aspx?type=soft\u0026prod_id=3116\u0026type_id=6"
},
{
"title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.02/05/2015 - ZDI sent reports to ICS-CERT02/09/2015 - ZDI receieved an ACK and ticket # from ICS-CERT04/14/2015 - ZDI recieved an update from ICS-CERT that these cases were in work, but \"months out\"04/15/2015 - ZDI reminded ISC-CERT of the prediacted disclosure date, but indicated some flexibility if the vendor could come close05/14/2015 - ICS-CERT advised ZDI that the vendor could not patch until August05/14/2015 - ZDI agreed to go out to August 509/14/2015 - After getting a response that other Moxa cases had patched, but seemingly not these, ZDI asked ICS-CERT if these did not patch with the August 27 patch09/15/2015 - ICS-CERT indicated that they would reach out to the vendor for clarification and requested extension to do so. ZDI declined an extension, but indicated we \"will wait a couple of days, for a status.\"09/18/2015 - ZDI notified ICS-CERT of the intent to 0-day the reports-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.-- Vendor Patch:See https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01",
"trust": 0.7,
"url": "http://technet.microsoft.com/en-us/library/cc725770%28WS.10%29.aspx"
},
{
"title": "Patch for Moxa OnCell Central Manager Software Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/67228"
},
{
"title": "Moxa OnCell Central Manager Software Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58856"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-452"
},
{
"db": "CNVD",
"id": "CNVD-2015-07812"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-421"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84441"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487"
},
{
"db": "NVD",
"id": "CVE-2015-6480"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-328-01"
},
{
"trust": 1.7,
"url": "http://zerodayinitiative.com/advisories/zdi-15-452/"
},
{
"trust": 0.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-452/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6480"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6480"
},
{
"trust": 0.7,
"url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/76934"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/product/oncell_central_manager.htm"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-452"
},
{
"db": "CNVD",
"id": "CNVD-2015-06672"
},
{
"db": "CNVD",
"id": "CNVD-2015-07812"
},
{
"db": "VULHUB",
"id": "VHN-84441"
},
{
"db": "BID",
"id": "76934"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-759"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-421"
},
{
"db": "NVD",
"id": "CVE-2015-6480"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-452",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-06672",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-07812",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-84441",
"ident": null
},
{
"db": "BID",
"id": "76934",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006487",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201510-759",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201511-421",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-6480",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-10-20T00:00:00",
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "ZDI",
"id": "ZDI-15-452",
"ident": null
},
{
"date": "2015-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06672",
"ident": null
},
{
"date": "2015-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07812",
"ident": null
},
{
"date": "2015-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-84441",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "BID",
"id": "76934",
"ident": null
},
{
"date": "2015-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006487",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-759",
"ident": null
},
{
"date": "2015-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-421",
"ident": null
},
{
"date": "2015-12-21T11:59:05.093000",
"db": "NVD",
"id": "CVE-2015-6480",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-09-29T00:00:00",
"db": "ZDI",
"id": "ZDI-15-452",
"ident": null
},
{
"date": "2015-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06672",
"ident": null
},
{
"date": "2015-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07812",
"ident": null
},
{
"date": "2015-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-84441",
"ident": null
},
{
"date": "2015-12-08T22:15:00",
"db": "BID",
"id": "76934",
"ident": null
},
{
"date": "2015-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006487",
"ident": null
},
{
"date": "2015-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-759",
"ident": null
},
{
"date": "2015-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-421",
"ident": null
},
{
"date": "2024-11-21T02:35:03.227000",
"db": "NVD",
"id": "CVE-2015-6480",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-759"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-421"
}
],
"trust": 1.2
},
"title": {
"_id": null,
"data": "Moxa OnCell Central Manager Server MessageBrokerServlet Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "4979ed48-1e60-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06672"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-759"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…