ID

VAR-201607-0379


CVE

CVE-2016-4503


TITLE

Moxa Device Server Web Console Authentication Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-04643 // CNNVD: CNNVD-201607-094

DESCRIPTION

Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value. Moxa Device Server Web Console 5232-N is a serial Ethernet device from Moxa. An authentication bypass vulnerability exists in the Moxa Device Server Web Console 5232-N release. An attacker could exploit the vulnerability to gain access to change settings and data on the target device. Moxa Device Server Web Console is prone to an authorization-bypass vulnerability. A remote attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. Moxa Device Server Web Console 5232-N is vulnerable; other versions may also be affected.

Trust: 2.52

sources: NVD: CVE-2016-4503 // JVNDB: JVNDB-2016-003749 // CNVD: CNVD-2016-04643 // BID: 91670 // VULHUB: VHN-93322

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04643

AFFECTED PRODUCTS

vendor: moxa, model: device server web console 5232-n, scope: -, version: -

Trust: 2.2

vendor: moxa, model: device server web console 5232-n, scope: eq, version: -

Trust: 1.6

vendor: moxa, model: device server web console 5232-n, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-04643 // BID: 91670 // JVNDB: JVNDB-2016-003749 // CNNVD: CNNVD-201607-094 // NVD: CVE-2016-4503

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4503
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-4503
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-04643
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201607-094
value: CRITICAL

Trust: 0.6

VULHUB: VHN-93322
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4503
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-04643
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-93322
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4503
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-4503
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-04643 // VULHUB: VHN-93322 // JVNDB: JVNDB-2016-003749 // CNNVD: CNNVD-201607-094 // NVD: CVE-2016-4503

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-93322 // JVNDB: JVNDB-2016-003749 // NVD: CVE-2016-4503

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-094

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201607-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003749

PATCH

title: Top Page, url: http://www.moxa.com/

Trust: 0.8

sources: JVNDB: JVNDB-2016-003749

EXTERNAL IDS

db: ICS CERT, id: ICSA-16-189-02

Trust: 3.4

db: NVD, id: CVE-2016-4503

Trust: 3.4

db: BID, id: 91670

Trust: 2.6

db: JVNDB, id: JVNDB-2016-003749

Trust: 0.8

db: CNNVD, id: CNNVD-201607-094

Trust: 0.7

db: CNVD, id: CNVD-2016-04643

Trust: 0.6

db: VULHUB, id: VHN-93322

Trust: 0.1

sources: CNVD: CNVD-2016-04643 // VULHUB: VHN-93322 // BID: 91670 // JVNDB: JVNDB-2016-003749 // CNNVD: CNNVD-201607-094 // NVD: CVE-2016-4503

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-16-189-02

Trust: 3.4

url: http://www.securityfocus.com/bid/91670

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4503

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4503

Trust: 0.8

sources: CNVD: CNVD-2016-04643 // VULHUB: VHN-93322 // BID: 91670 // JVNDB: JVNDB-2016-003749 // CNNVD: CNNVD-201607-094 // NVD: CVE-2016-4503

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 91670

SOURCES

db: CNVD, id: CNVD-2016-04643
db: VULHUB, id: VHN-93322
db: BID, id: 91670
db: JVNDB, id: JVNDB-2016-003749
db: CNNVD, id: CNNVD-201607-094
db: NVD, id: CVE-2016-4503

LAST UPDATE DATE

2025-04-13T23:34:01.184000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-04643, date: 2016-07-11T00:00:00
db: VULHUB, id: VHN-93322, date: 2016-11-28T00:00:00
db: BID, id: 91670, date: 2016-07-07T00:00:00
db: JVNDB, id: JVNDB-2016-003749, date: 2016-07-20T00:00:00
db: CNNVD, id: CNNVD-201607-094, date: 2021-09-14T00:00:00
db: NVD, id: CVE-2016-4503, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-04643, date: 2016-07-11T00:00:00
db: VULHUB, id: VHN-93322, date: 2016-07-12T00:00:00
db: BID, id: 91670, date: 2016-07-07T00:00:00
db: JVNDB, id: JVNDB-2016-003749, date: 2016-07-20T00:00:00
db: CNNVD, id: CNNVD-201607-094, date: 2016-07-08T00:00:00
db: NVD, id: CVE-2016-4503, date: 2016-07-12T02:00:09.940