Cross-Site Request Forgery Vulnerabilities in Innovaphone PBX from Innovaphone
CVE-2014-5335
Currently unrated
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities exist in Innovaphone's PBX software prior to version 10.00 sr12. These weaknesses can let remote attackers hijack an administrator's authentication, which could lead to unauthorized changes in configuration or user accounts, such as altering administrator passwords through crafted requests sent to specific endpoints, or adding new SIP users through manipulated requests directed at admin interfaces.