Test ID: | 1.3.6.1.4.1.25623.1.0.805298 |
Category: | Web application abuses |
Title: | Loxone Smart Home Multiple Vulnerabilities - Mar15 |
Summary: | Loxone Smart Home is prone to multiple vulnerabilities. |
Description: |

Summary: Loxone Smart Home is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- the device transmitting all data in cleartext.
- HTTP requests not requiring multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions.
- the '/dev/cfg/version' script not validating input appended to the response header before returning it to the user.
- the '/dev/sps/io/' script not validating input passed via the URL before returning it to users.
- the '/dev/sps/addcmd/' script not validating input to the description field in a new task before returning it to users.
- the program storing user credentials in an insecure manner.
- improper restriction of JavaScript on one web page from accessing another page when the pages originate from different domains.
- an unspecified error related to malformed HTTP requests or using the synflood Metasploit module.

Vulnerability Impact: Successful exploitation will allow remote attackers to:
- conduct a man-in-the-middle attack.
- conduct a cross-site request forgery attack.
- conduct a cross-frame scripting (XFS) attack.
- conduct a denial-of-service (DoS) attack.
- decrypt user credentials.
- insert additional arbitrary HTTP headers.
- execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Affected Software/OS: Loxone Smart Home version 5.49 and probably prior.

Solution: Upgrade to Loxone Smart Home version 6.3 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |