Moxa OnCell Central Manager MessageBrokerServlet Auth Bypass (CVE-2015-6480)

Critical Vulnerability Information Title: - (0Day) Moxa OnCell Central Manager Server MessageBrokerServlet Authentication Bypass Vulnerability Identifiers: - ZDI-15-452 - ZDI-CAN-2526 - CVE ID: CVE-2015-6480 Rating: - CVSS Score: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P Affected Scope: - Affected Vendor: Moxa - Affected Product: OnCell Central Manager Vulnerability Details: - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Moxa OnCell Central Manager Server. Exploitation of this vulnerability does not require authentication. - The vulnerability resides in the MessageBrokerServlet servlet, which fails to verify that a user has been authenticated before accepting commands. Attackers can exploit this flaw to perform various operations, including adding users and groups, thereby achieving full control over the product and executing code on all managed hosts. Trend Micro Customer Protection: - Trend Micro TippingPoint IPS customers are protected against this vulnerability via Digital Vaccine filter ID ['19418']. More information is available at: http://www.tippingpoint.com Disclosure Timeline: - 2015-02-05 - Vulnerability reported to vendor - 2015-09-29 - Coordinated advisory release Discoverer: - Andrea Micalizzi (rgod) Additional Details: - The vulnerability was disclosed publicly without a patch, in accordance with ZDI’s vulnerability disclosure policy, due to lack of vendor response. - Specific communication and resolution details are outlined in the "Additional Details" section. Mitigation: - Due to the nature of the vulnerability, the only mitigation strategy is to restrict interaction with the service to trusted machines only. This can be achieved using firewall rules/whitelisting features, as described in native Windows Firewall and other Microsoft Knowledge Base articles.

Goal Reached Thanks to every supporter — we hit 100%!

Moxa OnCell Central Manager MessageBrokerServlet Auth Bypass (CVE-2015-6480)