Summary
This host is running Advantech WebAccess
and is prone to multiple stack based buffer overflow vulnerabilities.
Impact
Successful exploitation will allow
attackers execution of arbitrary code within the context of the application, or otherwise crash the whole application.
Impact Level: System/Application
Solution
Upgrade to Advantech
WebAccess 7.2 or later, For updates refer to http://webaccess.advantech.com
Insight
The multiple stack based buffer
overflow flaws are due to an error when parsing NodeName, GotoCmd, NodeName2, AccessCode, AccessCode2, UserName, projectname, password parameters
Affected
Advantech WebAccess before 7.3
Detection
Get the installed version of
Advantech WebAccess with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0985, CVE-2014-0986, CVE-2014-0987, CVE-2014-0988, CVE-2014-0989, CVE-2014-0990, CVE-2014-0991, CVE-2014-0992 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability