Summary
This host is running Advantech WebAccess
and is prone to multiple stack based buffer overflow vulnerabilities.
Impact
Successful exploitation will allow
attackers execution of arbitrary code within the context of the application, or otherwise crash the whole application.
Impact Level: System/Application
Solution
Upgrade to Advantech
WebAccess 7.2 or later, For updates refer to http://webaccess.advantech.com
Insight
The multiple stack based buffer
overflow flaws are due to an error when parsing NodeName, GotoCmd, NodeName2, AccessCode, AccessCode2, UserName, projectname, password parameters
Affected
Advantech WebAccess before 7.3
Detection
Get the installed version of
Advantech WebAccess with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0985, CVE-2014-0986, CVE-2014-0987, CVE-2014-0988, CVE-2014-0989, CVE-2014-0990, CVE-2014-0991, CVE-2014-0992 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Struts Cross Site Scripting Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities