Erwin Paternotte

**Name of the Vulnerable Software and Affected Versions** Moxa EDS-405A and EDS-408A switches with firmware prior to 3.6 **Description** The administrative web interface of the affected switches has a flaw in access control, allowing remote authenticated users to bypass a read-only protection mechanism. This can be achieved by using a specific browser, such as Firefox, with a web-developer plugin. The issue is related to insufficient access control in the firmware of the Moxa EDS-405A and EDS-408A Ethernet switches. **Recommendations** For Moxa EDS-405A and EDS-408A switches with firmware prior to 3.6, update the firmware to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative web interface until the firmware can be updated.

**Name of the Vulnerable Software and Affected Versions** Citrix Access Gateway Enterprise Edition versions 9.2 through 9.2-49.8 Citrix Access Gateway Standard and Advanced Editions versions prior to 5.0 **Description** The issue allows attackers to execute arbitrary commands via shell metacharacters in the `password` field of the web authentication form in the NT4 authentication component. **Recommendations** For Citrix Access Gateway Enterprise Edition versions 9.2 through 9.2-49.8, update to a version later than 9.2-49.8. For Citrix Access Gateway Standard and Advanced Editions versions prior to 5.0, update to version 5.0 or later. As a temporary workaround, consider restricting access to the web authentication form to minimize the risk of exploitation.